-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 14 Oct 2009 09:57:26 +0200
Source: kdelibs
Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs4-doc kdelibs-dbg
Architecture: source all i386
Version: 4:3.5.10.dfsg.1-2.1
Distribution: unstable
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
 kdelibs    - core libraries from the official KDE release
 kdelibs-data - core shared data for all KDE applications
 kdelibs-dbg - debugging symbols for kdelibs
 kdelibs4-dev - development files for the KDE core libraries
 kdelibs4-doc - developer documentation for the KDE core libraries
 kdelibs4c2a - core libraries and binaries for all KDE applications
Closes: 534949 534949 546212
Changes:
 kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by the testing Security Team.
   * Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
     overflow was found in the KDE implementation of garbage collector for
     the JavaScript language (KJS).
   * Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
     the HTML page <head> element. A remote attacker could use this flaw to
     cause a denial of service (konqueror crash) or, potentially, execute
     arbitrary code, with the privileges of the user running "konqueror" web
     browser, if the victim was tricked to open a specially-crafted HTML page.
     (Closes: #534949)
   * Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser
     incorrectly handled content, forming the value of CSS "style" attribute.
     A remote attacker could use this flaw to cause a denial of service
     (konqueror crash) or potentially execute arbitrary code with the
     privileges of the user running "konqueror" web browser, if the victim
     visited a specially-crafted CSS equipped HTML page.
     (Closes: #534949)
   * Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
     properly handle a '\0' character in a domain name in the Subject
     Alternative Name field of an X.509 certificate, which allows
     man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
     certificate issued by a legitimate Certification Authority
     (Closes: #546212)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrVmYgACgkQNxpp46476aqOHwCdEzbBD4cG/QjWu4DWK0UuHzwM
c44An06wYnDYXL4LsQfZe1G1GryYwV/z
=I17X
-----END PGP SIGNATURE-----

Accepted:
kdelibs-data_3.5.10.dfsg.1-2.1_all.deb
  to pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-2.1_all.deb
kdelibs-dbg_3.5.10.dfsg.1-2.1_i386.deb
  to pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2.1_i386.deb
kdelibs4-dev_3.5.10.dfsg.1-2.1_i386.deb
  to pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2.1_i386.deb
kdelibs4-doc_3.5.10.dfsg.1-2.1_all.deb
  to pool/main/k/kdelibs/kdelibs4-doc_3.5.10.dfsg.1-2.1_all.deb
kdelibs4c2a_3.5.10.dfsg.1-2.1_i386.deb
  to pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2.1_i386.deb
kdelibs_3.5.10.dfsg.1-2.1.diff.gz
  to pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2.1.diff.gz
kdelibs_3.5.10.dfsg.1-2.1.dsc
  to pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2.1.dsc
kdelibs_3.5.10.dfsg.1-2.1_all.deb
  to pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2.1_all.deb