TEMP-0000000-C3D012

NameTEMP-0000000-C3D012
Descriptionmultiple missing input sanity checks in KDE
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kde4libs (PTS)jessie, jessie (lts)4:4.14.2-5+deb8u3fixed
stretch (lts), stretch4:4.14.26-2+deb9u1fixed
buster4:4.14.38-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kde4libssource(unstable)4:4.3.4-1low
kdelibssource(unstable)4:3.5.10.dfsg.1-3low

Notes

[lenny] - kde4libs <no-dsa> (Minor issue)
[lenny] - kdelibs <no-dsa> (minor and unlikely to be exploited)
[etch] - kdelibs <no-dsa> (minor and unlikely to be exploited)
http://www.ocert.org/advisories/ocert-2009-015.html
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/pre-2014-advisories/
advisory mentions kmail and ark (from kdepim and kdeutils, respectively)
but the "fixes" linked from the advisory only change code in kdelibs
more info at oss-sec threads

Search for package or bug name: Reporting problems