On Fri, 3 Feb 2006, David Houlder wrote:

> Hi...
>
> Am I right in thinking that this...
> http://www.kde.org/info/security/advisory-20060119-1.txt
> ...currently affects FC3?
> Thanks
>

Kdelibs packages remain available for testing in updates-testing that fix that.

FC2 and FC3 kdelibs is vulnerable to CVE-2006-0019, the KDE javascript vulnerability. Since the konqueror web-browser uses kdelibs, then konqueror for FC2 & FC3 is also vulnerable to this (until kdelibs is updated).

Red Hat's update that fixes CVE-2006-0019 in Red Hat Enterprise Linux has been rated as having critical security impact by the Red Hat Security Response Team.

Kdelibs packages are also in testing for other vulnerabilities for RHL 7.3, RHL 9, and FC1. The more votes these packages get, the sooner we can release them.

References:

* "Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI."
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019>

* Announcement of KDE packages needing downloading and testing:
  <http://www.redhat.com/archives/fedora-legacy-list/2006-March/msg00002.html>

* Bugzilla ticket for this and other kdelibs issues:
  <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178606>

Thanks.

Kind regards,
David Eisenstein

--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list