Format: 1.7 Date: Thu, 20 Aug 2009 16:47:35 -0400 Source: kdelibs Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs4-doc kdelibs-dbg Architecture: amd64_translations amd64 Version: 4:3.5.10-0ubuntu1~hardy1.2 Distribution: hardy Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: kdelibs - core libraries from the official KDE release kdelibs-data - core shared data for all KDE applications kdelibs-dbg - debugging symbols for kdelibs kdelibs4-dev - development files for the KDE core libraries kdelibs4-doc - developer documentation for the KDE core libraries kdelibs4c2a - core libraries and binaries for all KDE applications Changes: kdelibs (4:3.5.10-0ubuntu1~hardy1.2) hardy-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via JavaScript garbage collector allocation failures - debian/patches/security_01_CVE-2009-1687.diff: make sure we don't overflow before doing the realloc in kjs/collector.cpp. - CVE-2009-1687 * SECURITY UPDATE: arbitrary code execution via use-after-free - debian/patches/security_02_CVE-2009-1690.diff: use head.get() in khtml/html/htmlparser.cpp, and backport khtml/html/{AlwaysInline, htmlparser,Platform,RefPtr}.h. - CVE-2009-1690 * SECURITY UPDATE: arbitrary code execution via CSS attr function call with a large numerical argument - debian/patches/security_03_CVE-2009-1698.diff: add extra checks to khtml/css/cssparser.cpp and implement CSSPrimitiveValue::CSS_ATTR in khtml/css/css_valueimpl.cpp. - CVE-2009-1698 Files: 6f000f141bf6979d34cf1257840fdc2f 195939 raw-translations - kdelibs_3.5.10-0ubuntu1~hardy1.2_amd64_translations.tar.gz 04e9b1429bb914d202bfedfc652dab2f 10654972 libs optional kdelibs4c2a_3.5.10-0ubuntu1~hardy1.2_amd64.deb 739025e9a5f87b174b1b099b8c1f3e4f 1381550 libdevel optional kdelibs4-dev_3.5.10-0ubuntu1~hardy1.2_amd64.deb 806e9679c84113d44a6fdcb3827e22b6 26758194 libdevel extra kdelibs-dbg_3.5.10-0ubuntu1~hardy1.2_amd64.deb Original-Maintainer: Debian Qt/KDE Maintainers