Bug#286521: kdelibs: CAN-2004-1145: Konqueror Java Vulnerability
Tags: security, fixed-in-experimental
CAN-2004-1145 is about a vulnerability in the Konqueror Java code that
allows applets to bypass the sandbox environment in which they are run.
KDE 3.2.3 and 3.3.1 are vulnerable, 3.3.2 is not. The KDE Security
Advisory  provides a patch for KDE 3.2.3, but for KDE 3.3.1 the
recommended solution is 'upgrade to 3.3.2'.
We (the members of the KDE Packaging Team) will have over the next
days a look at the possibilities of backporting the fix. Depending on
our findings, we'll either upload a fixed kdelibs 3.3.1 or kdelibs
3.3.2 will have to make its way into sarge (but most likely after the
3.3.1 transition is complete).
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
A conclusion is simply the place where someone got tired of thinking.