-
kdelibs (4:3.4.3-0ubuntu2.4) breezy-security; urgency=low
* SECURITY UPDATE: possible XSS via incorrect UTF8 truncation.
* Add kubuntu_97_kjs_utf8_fixes.diff: upstream fixes.
* References
CVE-2007-0242
-- Kees Cook <email address hidden> Tue, 10 Apr 2007 11:19:42 -0700
-
kdelibs (4:3.4.3-0ubuntu2.3) breezy-security; urgency=low
* SECURITY UPDATE: FTP PASV scanning vulnerability, and JS DoS.
* Add kubuntu_91_ftp_pasv_scanning.diff
* References
ftp://ftp.kde.org/pub/kde/security_patches/CVE-2007-1564-kdelibs-3.4.3.diff
CVE-2007-1564
-- Kees Cook <email address hidden> Tue, 27 Mar 2007 17:08:36 -0700
-
kdelibs (4:3.4.3-0ubuntu2.2) breezy-security; urgency=low
* SECURITY UPDATE: XSS attacks possible with comment in TITLE tag.
* Add 'debian/patches/kubuntu_90_title_tokenizer.diff': fix parser,
from upstream Subversion.
* References
CVE-2007-0537
-- Kees Cook <email address hidden> Mon, 5 Feb 2007 16:54:26 -0800
-
kdelibs (4:3.4.3-0ubuntu2.1) breezy-security; urgency=low
* SECURITY UPDATE: fix remote browser crash
* KDE Konqueror allows remote attackers to cause a denial
of service (application crash) by calling the replaceChild method on a
DOM object, which triggers a null dereference, as demonstrated by calling
document.replaceChild with a 0 (zero) argument.
* Add kubuntu_00_CVE-2006-3672.diff
* References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3672
http://www.mandriva.com/security/advisories?name=MDKSA-2006:130
-- Jonathan Riddell <email address hidden> Fri, 21 Jul 2006 10:56:12 +0000
-
kdelibs (4:3.4.3-0ubuntu2) breezy-security; urgency=low
* SECURITY UPDATE: kjs encodeuri/decodeuri heap overflow vulnerability
* Add kubuntu_20_post_3.4.3_kdelibs_kjs.diff
* An incorrect bounds check in kjs, the Javascript interpreter
engine used by Konqueror and other parts of KDE, that allows
a heap based buffer overflow when decoding invalid utf8 encoded
URI sequences.
* References:
CVE-2006-0019
http://www.kde.org/info/security/advisory-20060119-1.txt
-- Jonathan Riddell <email address hidden> Wed, 11 Jan 2006 16:33:14 +0000
-
kdelibs (4:3.4.3-0ubuntu1) breezy; urgency=low
* New upstream release
* Move 19_debianize_useragent.diff to
kubuntu_19_debianize_useragent.diff and change string to Kubuntu
* Add kubuntu_08_kdesu_terminal.diff output to terminal by default
-- Jonathan Riddell <email address hidden> Fri, 7 Oct 2005 13:13:04 +0000
-
kdelibs (4:3.4.2-0ubuntu7) breezy; urgency=low
* Do not install system.svgz
-- Jonathan Riddell <email address hidden> Wed, 21 Sep 2005 20:35:59 +0100