- Committer: Bazaar Package Importer
- Date: 2009-10-14 09:57:26 UTC
- Revision ID: james.westby@ubuntu.com-20091014095726-ihp29zip0uranw46
* Non-maintainer upload by the testing Security Team.
* Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
overflow was found in the KDE implementation of garbage collector for the
JavaScript language (KJS).
* Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
the HTML page <head> element. A remote attacker could use this flaw to
cause a denial of service (konqueror crash) or, potentially, execute
arbitrary code, with the privileges of the user running "konqueror" web
browser, if the victim was tricked to open a specially-crafted HTML page.
(Closes: #534949)
* Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
handled content, forming the value of CSS "style" attribute. A remote
attacker could use this flaw to cause a denial of service (konqueror crash)
or potentially execute arbitrary code with the privileges of the user
running "konqueror" web browser, if the victim visited a specially-crafted
CSS equipped HTML page. (Closes: #534949)
* Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
properly handle a '\0' character in a domain name in the Subject
Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority (Closes: #546212)
* Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
overflow was found in the KDE implementation of garbage collector for the
JavaScript language (KJS).
* Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
the HTML page <head> element. A remote attacker could use this flaw to
cause a denial of service (konqueror crash) or, potentially, execute
arbitrary code, with the privileges of the user running "konqueror" web
browser, if the victim was tricked to open a specially-crafted HTML page.
(Closes: #534949)
* Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
handled content, forming the value of CSS "style" attribute. A remote
attacker could use this flaw to cause a denial of service (konqueror crash)
or potentially execute arbitrary code with the privileges of the user
running "konqueror" web browser, if the victim visited a specially-crafted
CSS equipped HTML page. (Closes: #534949)
* Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
properly handle a '\0' character in a domain name in the Subject
Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority (Closes: #546212)
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 ..
|
|||||||
crystalsvg
|
1 | 19 years ago | Bazaar Package Importer | Import upstream version 3.4.0 |
|
||
|
emoticons
|
1 | 19 years ago | Bazaar Package Importer | Import upstream version 3.4.0 |
|
||
|
hicolor
|
1 | 19 years ago | Bazaar Package Importer | Import upstream version 3.4.0 |
|
||
ksvgtopng.cpp |
1 | 19 years ago | Bazaar Package Importer | Import upstream version 3.4.0 | 973 bytes |
|
|
|
LICENSE.crystalsvg |
2 | 18 years ago | Bazaar Package Importer | Import upstream version 3.5.0 | 1.9 KB |
|
|
|
Makefile.am |
2 | 18 years ago | Bazaar Package Importer | Import upstream version 3.5.0 | 568 bytes |
|
|
|
Makefile.in |
12 | 16 years ago | Bazaar Package Importer | Import upstream version 3.5.9 | 27.5 KB |
|
|