Viewing all changes in revision 128.
- Committer: Bazaar Package Importer
- Date: 2009-12-07 15:25:55 UTC
- Revision ID: james.westby@ubuntu.com-20091207152555-ss72l8yt1a9imij4
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to float
- debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
numbers in kjs/dtoa.cpp
- CVE-2009-0689
[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
* SECURITY UPDATE: fix buffer overflow when converting string to float
- debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
numbers in kjs/dtoa.cpp
- CVE-2009-0689
[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
expand all
collapse all
added
removed
