[ubuntu/lucid] kdelibs 4:3.5.10.dfsg.1-2.1ubuntu3 (Accepted)

Jonathan Riddell jriddell at ubuntu.com
Mon Dec 7 17:50:18 GMT 2009 

kdelibs (4:3.5.10.dfsg.1-2.1ubuntu3) lucid; urgency=low

  * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
   - Ark and KMail performs insufficient validation which leads to
     specially crafted archive files, using unknown MIME types, to be
     rendered using a KHTML instance, this can trigger uncontrolled
     XMLHTTPRequests to remote sites
   - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
     restricts xmlhttprequest to http protocols only
   - http://www.kde.org/info/security/advisory-20091027-1.txt
   - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
   - CVE n/a

Date: Mon, 07 Dec 2009 17:42:13 +0000
Changed-By: Jonathan Riddell <jriddell at ubuntu.com>
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/kdelibs/4:3.5.10.dfsg.1-2.1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 07 Dec 2009 17:42:13 +0000
Source: kdelibs
Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs-dbg
Architecture: source
Version: 4:3.5.10.dfsg.1-2.1ubuntu3
Distribution: lucid
Urgency: low
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
Changed-By: Jonathan Riddell <jriddell at ubuntu.com>
Description: 
 kdelibs    - core libraries from the official KDE release
 kdelibs-data - core shared data for all KDE applications
 kdelibs-dbg - debugging symbols for kdelibs
 kdelibs4-dev - development files for the KDE core libraries
 kdelibs4c2a - core libraries and binaries for all KDE applications
Changes: 
 kdelibs (4:3.5.10.dfsg.1-2.1ubuntu3) lucid; urgency=low
 .
   * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
    - Ark and KMail performs insufficient validation which leads to
      specially crafted archive files, using unknown MIME types, to be
      rendered using a KHTML instance, this can trigger uncontrolled
      XMLHTTPRequests to remote sites
    - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
      restricts xmlhttprequest to http protocols only
    - http://www.kde.org/info/security/advisory-20091027-1.txt
    - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
    - CVE n/a
Checksums-Sha1: 
 7cfa0a4b8b8a85b7ebaf78b528cab1372263595b 2342 kdelibs_3.5.10.dfsg.1-2.1ubuntu3.dsc
 6903e5c70fed53053a02adb09103382bb34b4755 799820 kdelibs_3.5.10.dfsg.1-2.1ubuntu3.diff.gz
Checksums-Sha256: 
 8de59dec13ff643b86761790ae95bd18254a36b80102b5080d71e0fc954484fa 2342 kdelibs_3.5.10.dfsg.1-2.1ubuntu3.dsc
 297c7c0463840570d310a3d69fab76a77a1f8f7368ad482d214adb8d516edcfb 799820 kdelibs_3.5.10.dfsg.1-2.1ubuntu3.diff.gz
Files: 
 1832baa80d1a3d89cc0b8e1687db6ca3 2342 libs optional kdelibs_3.5.10.dfsg.1-2.1ubuntu3.dsc
 ede29085bbffa31a0909db2e07d127a7 799820 libs optional kdelibs_3.5.10.dfsg.1-2.1ubuntu3.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksdPxAACgkQpQbm1N1NUIhxJACgq9JgGURxidazTo0X8QkiVp2o
V88An1Zg9cXjeRq0ikhKRqhJjWUkdTGn
=3tzx
-----END PGP SIGNATURE-----

More information about the Lucid-changes mailing list