-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 09 Aug 2009 18:20:19 +0200
Source: kdelibs
Binary: kdelibs4c2a kdelibs kdelibs4-doc kdelibs-dbg kdelibs-data kdelibs4-dev
Architecture: source i386 all
Version: 4:3.5.5a.dfsg.1-8etch2
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Giuseppe Iuculano <giuseppe@iuculano.it>
Description:
 kdelibs    - core libraries from the official KDE release
 kdelibs-data - core shared data for all KDE applications
 kdelibs-dbg - debugging symbols for kdelibs
 kdelibs4-dev - development files for the KDE core libraries
 kdelibs4-doc - developer documentation for the KDE core libraries
 kdelibs4c2a - core libraries and binaries for all KDE applications
Closes: 478024 534949 534949
Changes:
 kdelibs (4:3.5.5a.dfsg.1-8etch2) oldstable-security; urgency=high
 .
   * Non-maintainer upload.
   * Fixed CVE-2008-1671: start_kdeinit in KDE 3.5.5 through 3.5.9, when
     installed setuid root, allows local users to cause a denial of service
     and possibly execute arbitrary code via "user-influenceable input"
     (probably command-line arguments) that cause start_kdeinit to send
     SIGUSR1 signals to other processes. (Closes: #478024)
   * Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
     overflow was found in the KDE implementation of garbage collector for
     the JavaScript language (KJS).
   * Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content,
     forming the HTML page <head> element. A remote attacker could use this
     flaw to cause a denial of service (konqueror crash) or, potentially,
     execute arbitrary code, with the privileges of the user running
     "konqueror" web browser, if the victim was tricked to open a
     specially-crafted HTML page. (Closes: #534949)
   * Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser
     incorrectly handled content, forming the value of CSS "style"
     attribute. A remote attacker could use this flaw to cause a denial of
     service (konqueror crash) or potentially execute arbitrary code with
     the privileges of the user running "konqueror" web browser, if the
     victim visited a specially-crafted CSS equipped HTML page.
     (Closes: #534949)
Files:
 0eb586c194525c6efbfda4c7505faf97 1635 libs optional kdelibs_3.5.5a.dfsg.1-8etch2.dsc
 a3f13367dcadef4749ba0173c8bc5f8e 18684663 libs optional kdelibs_3.5.5a.dfsg.1.orig.tar.gz
 1452f9edd815d35268c580caba07c69b 601893 libs optional kdelibs_3.5.5a.dfsg.1-8etch2.diff.gz
 8d069056020a0d76c5657105c764c4c4 34590 libs optional kdelibs_3.5.5a.dfsg.1-8etch2_all.deb
 93a407c519ffef8ecfb182aadb59a86f 8599236 libs optional kdelibs-data_3.5.5a.dfsg.1-8etch2_all.deb
 95cdb51e0f3104ff26fe2d3419c79ab7 40223822 doc optional kdelibs4-doc_3.5.5a.dfsg.1-8etch2_all.deb
 44d58eccf0d6de0626ee627821aab8b0 9742340 libs optional kdelibs4c2a_3.5.5a.dfsg.1-8etch2_i386.deb
 415adb54c701be487552a24280e4e1cb 1382698 libdevel optional kdelibs4-dev_3.5.5a.dfsg.1-8etch2_i386.deb
 9562a77ad5b8dd761c1514bae672c35b 26268130 libdevel extra kdelibs-dbg_3.5.5a.dfsg.1-8etch2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqIjOAACgkQ62zWxYk/rQdUuQCfQLgfv7ck77uSJEA2e14ZXwRj
kRsAn2N/pSDtAXjGQJ2L6qsLrH/7v32s
=7ma0
-----END PGP SIGNATURE-----


Accepted:
kdelibs-data_3.5.5a.dfsg.1-8etch2_all.deb
  to pool/main/k/kdelibs/kdelibs-data_3.5.5a.dfsg.1-8etch2_all.deb
kdelibs-dbg_3.5.5a.dfsg.1-8etch2_i386.deb
  to pool/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_i386.deb
kdelibs4-dev_3.5.5a.dfsg.1-8etch2_i386.deb
  to pool/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_i386.deb
kdelibs4-doc_3.5.5a.dfsg.1-8etch2_all.deb
  to pool/main/k/kdelibs/kdelibs4-doc_3.5.5a.dfsg.1-8etch2_all.deb
kdelibs4c2a_3.5.5a.dfsg.1-8etch2_i386.deb
  to pool/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_i386.deb
kdelibs_3.5.5a.dfsg.1-8etch2.diff.gz
  to pool/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.diff.gz
kdelibs_3.5.5a.dfsg.1-8etch2.dsc
  to pool/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.dsc
kdelibs_3.5.5a.dfsg.1-8etch2_all.deb
  to pool/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2_all.deb