[Bug 661416] Re: Uncontrolled XMLHTTPRequest vulnerability
Felix Geyer
debfx-pkg at fobos.de
Fri Oct 15 20:33:05 UTC 2010
kdelibs (4:3.5.10.dfsg.1-3ubuntu2.10.10.1) maverick-security;
urgency=low
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416)
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites.
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only.
This patch has been accidentally dropped in 4:3.5.10.dfsg.1-3ubuntu1.
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE n/a
* Fix FTBFS: disable parallel building.
-- Felix Geyer <debfx-pkg at fobos.de> Fri, 15 Oct 2010 21:19:11 +0200
** Patch added: "kdelibs_3.5.10.dfsg.1-3ubuntu2.10.10.1.debdiff"
https://bugs.edge.launchpad.net/ubuntu/+source/kdelibs/+bug/661416/+attachment/1695551/+files/kdelibs_3.5.10.dfsg.1-3ubuntu2.10.10.1.debdiff
--
Uncontrolled XMLHTTPRequest vulnerability
https://bugs.launchpad.net/bugs/661416
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdelibs in ubuntu.
More information about the kubuntu-bugs
mailing list