[ubuntu/karmic-security] kde4libs, kde4libs_4.3.2-0ubuntu7.2_lpia_translations.tar.gz, kde4libs_4.3.2-0ubuntu7.2_sparc_translations.tar.gz, kde4libs_4.3.2-0ubuntu7.2_ia64_translations.tar.gz, kde4libs_4.3.2-0ubuntu7.2_powerpc_translations.tar.gz, kde4libs_4.3.2-0ubuntu7.2_armel_translations.tar.gz, kde4libs_4.3.2-0ubuntu7.2_amd64_translations.tar.gz, kde4libs_4.3.2-0ubuntu7.2_i386_translations.tar.gz 4:4.3.2-0ubuntu7.2 (Accepted)

[Ubuntu Installer]

kde4libs (4:4.3.2-0ubuntu7.2) karmic-security; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: fix buffer overflow when converting string to float
    - debian/patches/security_02_CVE-2009-0689.diff: adjust Kmax to handle
      large field numbers in kjs/dtoa.cpp
    - CVE-2009-0689

  [ Jonathan Riddell ]
  * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
    - Ark and KMail performs insufficient validation which leads to
      specially crafted archive files, using unknown MIME types, to be
      rendered using a KHTML instance, this can trigger uncontrolled
      XMLHTTPRequests to remote sites
    - Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
      restricts xmlhttprequest to http protocols only
    - http://www.kde.org/info/security/advisory-20091027-1.txt
    - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
    - CVE-2009-XXXX

Date: Mon, 07 Dec 2009 15:27:41 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/kde4libs/4:4.3.2-0ubuntu7.2
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Dec 2009 15:27:41 -0600
Source: kde4libs
Binary: kdelibs5 kdelibs5-data kdelibs5-dev kdelibs-bin libplasma3 kdelibs5-dbg
Architecture: source
Version: 4:4.3.2-0ubuntu7.2
Distribution: karmic-security
Urgency: low
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 kdelibs-bin - executables for all KDE 4 core applications
 kdelibs5   - core libraries for all KDE 4 applications
 kdelibs5-data - core shared data for all KDE 4 applications
 kdelibs5-dbg - debugging symbols for the KDE 4 libraries module
 kdelibs5-dev - development files for the KDE 4 core libraries
 libplasma3 - library for the KDE 4 Plasma desktop
Changes: 
 kde4libs (4:4.3.2-0ubuntu7.2) karmic-security; urgency=low
 .
   [ Jamie Strandboge ]
   * SECURITY UPDATE: fix buffer overflow when converting string to float
     - debian/patches/security_02_CVE-2009-0689.diff: adjust Kmax to handle
       large field numbers in kjs/dtoa.cpp
     - CVE-2009-0689
 .
   [ Jonathan Riddell ]
   * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
     - Ark and KMail performs insufficient validation which leads to
       specially crafted archive files, using unknown MIME types, to be
       rendered using a KHTML instance, this can trigger uncontrolled
       XMLHTTPRequests to remote sites
     - Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
       restricts xmlhttprequest to http protocols only
     - http://www.kde.org/info/security/advisory-20091027-1.txt
     - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
     - CVE-2009-XXXX
Checksums-Sha1: 
 19a0f8cfc5867407d59a048043ca8d5c0fe3e143 2301 kde4libs_4.3.2-0ubuntu7.2.dsc
 643685a29bbf2deb2db6246878401d858df3cad1 160839 kde4libs_4.3.2-0ubuntu7.2.diff.gz
Checksums-Sha256: 
 1c05cbc5a694a9e90e12d885ce61634301498d6c2b7fa62fb97b6b30eeb479f0 2301 kde4libs_4.3.2-0ubuntu7.2.dsc
 c21da9a7949b6a4b1d5e49511f27d5f9f99f0b91e52ed80c73856b673bcfb5b2 160839 kde4libs_4.3.2-0ubuntu7.2.diff.gz
Files: 
 7e7ce51359cf82ec23188479bd81f34f 2301 libs optional kde4libs_4.3.2-0ubuntu7.2.dsc
 c594eccef7c8ceabff20a8b5bb8da6b0 160839 libs optional kde4libs_4.3.2-0ubuntu7.2.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>