Format: 1.8 Date: Mon, 07 Dec 2009 18:26:59 +0000 Source: kdebase-runtime Binary: kdebase-runtime kdebase-runtime-bin-kde4 kdebase-runtime-data kdebase-runtime-data-common khelpcenter4 khelpcenter kde-icons-oxygen kdebase-runtime-dbg phonon-backend-xine Architecture: amd64_translations amd64 Version: 4:4.1.4-0ubuntu1~intrepid1.2 Distribution: intrepid Urgency: low Maintainer: Ubuntu/amd64 Build Daemon <buildd@crested.buildd> Changed-By: Jonathan Riddell <jriddell@ubuntu.com> Description: kde-icons-oxygen - Oxygen icon theme for KDE 4 kdebase-runtime - runtime components from the official KDE 4 release kdebase-runtime-bin-kde4 - core binaries for the KDE 4 base runtime module kdebase-runtime-data - shared data files for the KDE 4 base runtime module kdebase-runtime-data-common - shared data files for the KDE 4 base runtime module kdebase-runtime-dbg - debugging symbols for KDE 4 base runtime module khelpcenter - metapackage for the help center for KDE4 khelpcenter4 - Help Center for KDE 4 phonon-backend-xine - Phonon Xine 1.1.x backend Changes: kdebase-runtime (4:4.1.4-0ubuntu1~intrepid1.2) intrepid-security; urgency=low . * SECURITY UPDATE: IO Slaves input sanitization errors - KDE protocol handlers perform insufficient input validation, an attacker can craft malicious URI that would trigger JavaScript execution. Additionally the 'help://' protocol handler suffer from directory traversal. It should be noted that the scope of this issue is limited as the malicious URIs cannot be embedded in Internet hosted content. - Add security_01_info_kio_no_javascript.diff, stops javascript within info kio slave - http://www.kde.org/info/security/advisory-20091027-1.txt - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html - CVE n/a Checksums-Sha1: bcb952fcabd550cac0603ab7508c4d6994628c34 44663 kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2_amd64_translations.tar.gz b4f012586dd66abe17b236b3e2a7e72eac8a6e6a 1688916 kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2_amd64.deb 37ab22f3d316a3cde3f98ed1f0b557bd56bad7ac 70162 kdebase-runtime-bin-kde4_4.1.4-0ubuntu1~intrepid1.2_amd64.deb 5cfbacfa1fd26791a650a12013f597185017caa9 1875854 khelpcenter4_4.1.4-0ubuntu1~intrepid1.2_amd64.deb fc9029ded9b2fa166a25b60a5430b686016712c8 15910 khelpcenter_4.1.4-0ubuntu1~intrepid1.2_amd64.deb c5d07b5955120359ec7c8b9a08572b11ce764f73 11920218 kdebase-runtime-dbg_4.1.4-0ubuntu1~intrepid1.2_amd64.deb b7ae22879a563a1df6857c10ce7ac5d2af84654d 172540 phonon-backend-xine_4.1.4-0ubuntu1~intrepid1.2_amd64.deb Checksums-Sha256: 1962ac61dc3fe69d335acbff80cbe0ef5721f769ad4cc8ee94b1675094ebf2e1 44663 kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2_amd64_translations.tar.gz 5f75dfade8f5d678ad9ecbc3233be40464d6856aa73007cc4686c4c709c3bbdd 1688916 kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2_amd64.deb 4c71be563f32e2fb9bfc648ab416228f15d78f5acb79e319853580e6d2091b35 70162 kdebase-runtime-bin-kde4_4.1.4-0ubuntu1~intrepid1.2_amd64.deb d77ef30ab329a1f21bd8512bc2360b67478127342c026243934b08ac8f7e005a 1875854 khelpcenter4_4.1.4-0ubuntu1~intrepid1.2_amd64.deb 2e11f332ea57f2e53a5d7bc2cb4012719100a17b211972067face41182f3d44f 15910 khelpcenter_4.1.4-0ubuntu1~intrepid1.2_amd64.deb 94fb2977cfbeac79222203a7c03a2bdc1c563b90013c6e77662264e1b6ef709e 11920218 kdebase-runtime-dbg_4.1.4-0ubuntu1~intrepid1.2_amd64.deb e01010559ed97b50703db1ec78a7fae3a47db05b430e6e8bcab46ecaf297749f 172540 phonon-backend-xine_4.1.4-0ubuntu1~intrepid1.2_amd64.deb Files: 5db03bf4e75ada6c192b4bbfcd33ff3d 44663 raw-translations - kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2_amd64_translations.tar.gz ac321645399d1202cdfaae464748fc89 1688916 kde optional kdebase-runtime_4.1.4-0ubuntu1~intrepid1.2_amd64.deb ebeb319d74ad0252bbf12462c13de95f 70162 kde optional kdebase-runtime-bin-kde4_4.1.4-0ubuntu1~intrepid1.2_amd64.deb 3b5792d1d65fffd5f09328a196fde58f 1875854 kde optional khelpcenter4_4.1.4-0ubuntu1~intrepid1.2_amd64.deb c890a2e850b2f847b091b108b0615b9c 15910 kde optional khelpcenter_4.1.4-0ubuntu1~intrepid1.2_amd64.deb 33ff88e2a7c2803c88ded6600631edfc 11920218 devel extra kdebase-runtime-dbg_4.1.4-0ubuntu1~intrepid1.2_amd64.deb 1742ffe7ffcdce4527722cd6ce8391ac 172540 sound optional phonon-backend-xine_4.1.4-0ubuntu1~intrepid1.2_amd64.deb Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>