cvs commit: ports/x11/kdelibs4 Makefile ports/x11/kdelibs4/files
patch-ocert-2009-015-khtml ports/x11/kdebase4-runtime Makefile
ports/x11/kdebase4-runtime/files patch-ocert-2009-015-kioslave
Martin Wilke
miwi at FreeBSD.org
Tue Nov 3 09:45:47 UTC 2009
miwi 2009-11-03 09:45:47 UTC
FreeBSD ports repository
Modified files:
x11/kdelibs4 Makefile
x11/kdebase4-runtime Makefile
Added files:
x11/kdelibs4/files patch-ocert-2009-015-khtml
x11/kdebase4-runtime/files patch-ocert-2009-015-kioslave
Log:
Secuirty Update:
Ark input sanitization errors:
The KDE archiving tool, Ark, performs insufficient validation
which leads to specially crafted archive files, using unknown
MIME types, to be rendered using a KHTML instance, this can
trigger uncontrolled XMLHTTPRequests to remote sites.
IO Slaves input sanitization errors:
KDE protocol handlers perform insufficient input validation, an
attacker can craft malicious URI that would trigger JavaScript
execution. Additionally the 'help://' protocol handler suffer
from directory traversal. It should be noted that the scope of
this issue is limited as the malicious URIs cannot be embedded
in Internet hosted content.
KMail input sanitization errors:
The KDE mail client, KMail, performs insufficient validation which
leads to specially crafted email attachments, using unknown MIME
types, to be rendered using a KHTML instance, this can trigger
uncontrolled XMLHTTPRequests to remote sites.
Submitted by: Eygene Ryabinkin <rea-fbsd at codelabs.ru> (based on)
Approved by: secteam (myself), portmgr
Security: http://www.vuxml.org/freebsd/6f358f5a-c7ea-11de-a9f3-0030843d3802.html
Revision Changes Path
1.227 +1 -1 ports/x11/kdebase4-runtime/Makefile
1.1 +16 -0 ports/x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave (new)
1.244 +1 -1 ports/x11/kdelibs4/Makefile
1.1 +117 -0 ports/x11/kdelibs4/files/patch-ocert-2009-015-khtml (new)
More information about the cvs-ports
mailing list