Author: geissert Date: 2009-12-12 03:52:41 +0000 (Sat, 12 Dec 2009) New Revision: 13515 Modified: data/CVE/list Log: kde4libs fixed in unstable, adding more info Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-12 03:45:07 UTC (rev 13514) +++ data/CVE/list 2009-12-12 03:52:41 UTC (rev 13515) @@ -1134,13 +1134,14 @@ NOT-FOR-US: OpenDocMan CVE-2009-XXXX [multiple missing input sanity checks in KDE] - kdelibs <unfixed> (low) - - kde4libs <unfixed> (low) + - kde4libs 4:4.3.4-1 (low) [lenny] - kdelibs <no-dsa> (minor and unlikely to be exploited) [etch] - kdelibs <no-dsa> (minor and unlikely to be exploited) NOTE: http://www.ocert.org/advisories/ocert-2009-015.html + NOTE: http://www.portcullis-security.com/advisories NOTE: advisory mentions kmail and ark (from kdepim and kdeutils, respectively) NOTE: but the "fixes" linked from the advisory only change code in kdelibs - NOTE: 4.3.3, which fixes the issue, is due to be released in a week + NOTE: more info at oss-sec threads CVE-2009-3800 RESERVED CVE-2009-3799