| Name | TEMP-0000000-C3D012 |
| Description | multiple missing input sanity checks in KDE |
| Source | Automatically generated temporary name. Not for external reference. |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| kde4libs (PTS) | jessie, jessie (lts) | 4:4.14.2-5+deb8u3 | fixed |
| stretch (lts), stretch | 4:4.14.26-2+deb9u1 | fixed |
| buster | 4:4.14.38-3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| kde4libs | source | (unstable) | 4:4.3.4-1 | low | | |
| kdelibs | source | (unstable) | 4:3.5.10.dfsg.1-3 | low | | |
Notes
[lenny] - kde4libs <no-dsa> (Minor issue)
[lenny] - kdelibs <no-dsa> (minor and unlikely to be exploited)
[etch] - kdelibs <no-dsa> (minor and unlikely to be exploited)
http://www.ocert.org/advisories/ocert-2009-015.html
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/pre-2014-advisories/
advisory mentions kmail and ark (from kdepim and kdeutils, respectively)
but the "fixes" linked from the advisory only change code in kdelibs
more info at oss-sec threads