[ubuntu/hardy-security] kdelibs_3.5.10-0ubuntu1~hardy1.5_i386_translations.tar.gz, kdelibs, kdelibs_3.5.10-0ubuntu1~hardy1.5_lpia_translations.tar.gz, kdelibs_3.5.10-0ubuntu1~hardy1.5_amd64_translations.tar.gz, kdelibs_3.5.10-0ubuntu1~hardy1.5_sparc_translations.tar.gz, kdelibs_3.5.10-0ubuntu1~hardy1.5_hppa_translations.tar.gz, kdelibs_3.5.10-0ubuntu1~hardy1.5_ia64_translations.tar.gz, kdelibs_3.5.10-0ubuntu1~hardy1.5_powerpc_translations.tar.gz 4:3.5.10-0ubuntu1~hardy1.5 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Fri Dec 11 01:05:31 GMT 2009
kdelibs (4:3.5.10-0ubuntu1~hardy1.5) hardy-security; urgency=low
* SECURITY UPDATE: fix buffer overflow when converting string to
float
- debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
large field numbers in kjs/dtoa.cpp
- CVE-2009-0689
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- based on patch by Jonathan Riddell
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Date: Mon, 07 Dec 2009 15:06:48 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/kdelibs/4:3.5.10-0ubuntu1~hardy1.5
-------------- next part --------------
Format: 1.7
Date: Mon, 07 Dec 2009 15:06:48 -0600
Source: kdelibs
Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs4-doc kdelibs-dbg
Architecture: source
Version: 4:3.5.10-0ubuntu1~hardy1.5
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
kdelibs - core libraries from the official KDE release
kdelibs-data - core shared data for all KDE applications
kdelibs-dbg - debugging symbols for kdelibs
kdelibs4-dev - development files for the KDE core libraries
kdelibs4-doc - developer documentation for the KDE core libraries
kdelibs4c2a - core libraries and binaries for all KDE applications
Changes:
kdelibs (4:3.5.10-0ubuntu1~hardy1.5) hardy-security; urgency=low
.
* SECURITY UPDATE: fix buffer overflow when converting string to
float
- debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
large field numbers in kjs/dtoa.cpp
- CVE-2009-0689
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- based on patch by Jonathan Riddell
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Files:
0e528a7564f8d3404a3bcaa28538cb2e 1729 libs optional kdelibs_3.5.10-0ubuntu1~hardy1.5.dsc
3693849d1a4409e8c03f0fde6da39fa5 1793748 libs optional kdelibs_3.5.10-0ubuntu1~hardy1.5.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>
More information about the Hardy-changes
mailing list