Fri Dec 11 06:05:13 GMT 2009

kdebase-runtime (4:4.1.4-0ubuntu1~intrepid1.2) intrepid-security; urgency=low

  * SECURITY UPDATE: IO Slaves input sanitization errors
   - KDE protocol handlers perform insufficient input validation, an
     attacker can craft malicious URI that would trigger JavaScript
     execution. Additionally the 'help://' protocol handler suffer from
     directory traversal. It should be noted that the scope of this
     issue is limited as the malicious URIs cannot be embedded in
     Internet hosted content.
   - Add security_01_info_kio_no_javascript.diff, stops javascript
     within info kio slave
   - http://www.kde.org/info/security/advisory-20091027-1.txt
   - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
   - CVE n/a

Date: Mon, 07 Dec 2009 18:26:59 +0000
Changed-By: Jonathan Riddell <jriddell at ubuntu.com>
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/intrepid/+source/kdebase-runtime/4:4.1.4-0ubuntu1~intrepid1.2
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Dec 2009 18:26:59 +0000
Source: kdebase-runtime
Binary: kdebase-runtime kdebase-runtime-bin-kde4 kdebase-runtime-data kdebase-runtime-data-common khelpcenter4 khelpcenter kde-icons-oxygen kdebase-runtime-dbg phonon-backend-xine
Architecture: source
Version: 4:4.1.4-0ubuntu1~intrepid1.2
Distribution: intrepid-security
Urgency: low
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
Changed-By: Jonathan Riddell <jriddell at ubuntu.com>
Description: 
 kde-icons-oxygen - Oxygen icon theme for KDE 4
 kdebase-runtime - runtime components from the official KDE 4 release
 kdebase-runtime-bin-kde4 - core binaries for the KDE 4 base runtime module
 kdebase-runtime-data - shared data files for the KDE 4 base runtime module
 kdebase-runtime-data-common - shared data files for the KDE 4 base runtime module
 kdebase-runtime-dbg - debugging symbols for KDE 4 base runtime module
 khelpcenter - metapackage for the help center for KDE4
 khelpcenter4 - Help Center for KDE 4
 phonon-backend-xine - Phonon Xine 1.1.x backend
Changes: 
 kdebase-runtime (4:4.1.4-0ubuntu1~intrepid1.2) intrepid-security; urgency=low
 .
   * SECURITY UPDATE: IO Slaves input sanitization errors
    - KDE protocol handlers perform insufficient input validation, an
      attacker can craft malicious URI that would trigger JavaScript
      execution. Additionally the 'help://' protocol handler suffer from
      directory traversal. It should be noted that the scope of this
      issue is limited as the malicious URIs cannot be embedded in
      Internet hosted content.
    - Add security_01_info_kio_no_javascript.diff, stops javascript
      within info kio slave
    - http://www.kde.org/info/security/advisory-20091027-1.txt
    - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
    - CVE n/a
Checksums-Sha1: 
 7c519f1709500979ca51b09a46830db6e72b391b 2134 kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2.dsc
 cecb652ea156b87e1fd80c6f6f48d5208876923d 36571 kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2.diff.gz
Checksums-Sha256: 
 8e41847607fb0456bad1882f81ff00cdc93848ae98c5c3ab9a2df0c0c896ca82 2134 kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2.dsc
 f9437c9b3926f8f8357265a274ce169593b248de6c9aa6020b4e4a715c77caab 36571 kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2.diff.gz
Files: 
 199cf0744b1d6b6c557be41f1ffe8a79 2134 kde optional kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2.dsc
 c37c88ec1cbeb1f4be4fb11d4cf69e12 36571 kde optional kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>