Bug#286521: kdelibs: CAN-2004-1145: Konqueror Java Vulnerability
Package: kdelibs
Version: 4:3.3.1-4
Severity: grave
Tags: security, fixed-in-experimental

CAN-2004-1145 is about a vulnerability in the Konqueror Java code that
allows applets to bypass the sandbox environment in which they are run.
KDE 3.2.3 and 3.3.1 are vulnerable, 3.3.2 is not. The KDE Security
Advisory [1] provides a patch for KDE 3.2.3, but for KDE 3.3.1 the
recommended solution is 'upgrade to 3.3.2'.

[1] http://www.kde.org/info/security/advisory-20041220-1.txt

We (the members of the KDE Packaging Team) will have a look over the
next days at the possibilities of backporting the fix. Depending on
our findings, we'll either upload a fixed kdelibs 3.3.1 or kdelibs
3.3.2 will have to make its way into sarge (but most likely after the
3.3.1 transition is complete).
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
A conclusion is simply the place where someone got tired of thinking.