kde4libs 4:4.2.4-0ubuntu1~jaunty2 source package in Ubuntu

Changelog

kde4libs (4:4.2.4-0ubuntu1~jaunty2) jaunty-backports; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: fix vulnerability with NULL byte in Subject Alternate
    Names field of X.509 certificates
    - debian/patches/CVE-2009-2702.diff: verify that the QString length of the
      SAN is not shorter than the ASN1 length
    - CVE-2009-2702

  [ Jonathan Riddell ]
  * Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
    overflow was found in the KDE implementation of garbage collector for the
    JavaScript language (KJS).
  * Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
    the HTML page <head> element. A remote attacker could use this flaw to
    cause a denial of service (konqueror crash) or, potentially, execute
    arbitrary code, with the privileges of the user running "konqueror" web
    browser, if the victim was tricked to open a specially-crafted HTML page.
  * Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
    handled content, forming the value of CSS "style" attribute. A remote
    attacker could use this flaw to cause a denial of service (konqueror crash)
    or potentially execute arbitrary code with the privileges of the user
    running "konqueror" web browser, if the victim visited a specially-crafted
    CSS equipped HTML page.

  [ Marc Deslauriers ]
  * SECURITY UPDATE: arbitrary code execution via document with SVGPathList
    data structure containing a negative index
    - debian/patches/CVE-2009-0945.diff: make sure index is sane in
      khtml/svg/SVGList.h.
    - CVE-2009-0945

  [ Scott Kitterman ]
  * Update backport with security fixes

 -- Scott Kitterman <email address hidden>   Sun, 27 Sep 2009 12:28:20 -0400