Bug#286521: kdelibs: CAN-2004-1145: Konqueror Java Vulnerability

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#286521: kdelibs: CAN-2004-1145: Konqueror Java Vulnerability
From: Adeodato Simó <asp16@alu.ua.es>
Date: Mon, 20 Dec 2004 18:23:54 +0100
Message-id: <[🔎] 20041220172354.GA6675@chistera.yi.org>
Reply-to: Adeodato Simó <asp16@alu.ua.es>, 286521@bugs.debian.org

Package: kdelibs
Version: 4:3.3.1-4
Severity: grave
Tags: security, fixed-in-experimental

  CAN-2004-1145 is about a vulnerability in the Konqueror Java code that
  allows applets to bypass the sandbox environment in which they are run.

  KDE 3.2.3 and 3.3.1 are vulnerable, 3.3.2 is not. The KDE Security
  Advisory [1] provides a patch for KDE 3.2.3, but for KDE 3.3.1 the
  recommended solution is 'upgrade to 3.3.2'.

    [1] http://www.kde.org/info/security/advisory-20041220-1.txt

  We (the members of the KDE Packaging Team) will have over the next
  days a look at the possibilities of backporting the fix. Depending on
  our findings, we'll either upload a fixed kdelibs 3.3.1 or kdelibs
  3.3.2 will have to make its way into sarge (but most likely after the
  3.3.1 transition is complete).

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
A conclusion is simply the place where someone got tired of thinking.

Reply to:

Prev by Date: Bug#273890: kfloppy should use FDSETPRM instead of /dev/fd?[dhu]*
Next by Date: Processing of kdemultimedia_3.3.2-0pre1_i386.changes
Previous by thread: Processed: Re: kfloppy should use FDSETPRM instead of /dev/fd?[dhu]*
Next by thread: Processing of kdemultimedia_3.3.2-0pre1_i386.changes
Index(es):
- Date
- Thread