[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#286521: kdelibs: CAN-2004-1145: Konqueror Java Vulnerability

Package: kdelibs
Version: 4:3.3.1-4
Severity: grave
Tags: security, fixed-in-experimental

  CAN-2004-1145 is about a vulnerability in the Konqueror Java code that
  allows applets to bypass the sandbox environment in which they are run.

  KDE 3.2.3 and 3.3.1 are vulnerable, 3.3.2 is not. The KDE Security
  Advisory [1] provides a patch for KDE 3.2.3, but for KDE 3.3.1 the
  recommended solution is 'upgrade to 3.3.2'.

    [1] http://www.kde.org/info/security/advisory-20041220-1.txt

  We (the members of the KDE Packaging Team) will have over the next
  days a look at the possibilities of backporting the fix. Depending on
  our findings, we'll either upload a fixed kdelibs 3.3.1 or kdelibs
  3.3.2 will have to make its way into sarge (but most likely after the
  3.3.1 transition is complete).

Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
A conclusion is simply the place where someone got tired of thinking.

Reply to: