2922 – Security Update for kdelibs 4.6.5

Bug 2922 - Security Update for kdelibs 4.6.5

Summary: Security Update for kdelibs 4.6.5

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	1
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:
Keywords:	Security, validated_update

Depends on:
Blocks:

Reported:	2011-10-03 18:56 CEST by John Balcaen
Modified:	2011-10-07 14:50 CEST (History)
CC List:	4 users (show)

See Also:
Source RPM:	kdelibs4-4.6.5-1.2.mga1.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description John Balcaen 2011-10-03 18:56:29 CEST

This package provides a security update to kdelibs for CVE-2011-3365
cf http://www.kde.org/info/security/advisory-20111003-1.txt

Advisory 

Â« This package provides security fix for CVE-2011-3365 ( Input Validation Failure ), you can read http://www.kde.org/info/security/advisory-20111003-1.txt for more information.
An additional patch for khtml as been added to kdelibs to ensure that HTML are correctly escaped in the http kioslave Â»

John Balcaen 2011-10-03 19:24:02 CEST

Keywords: (none) => Security
CC: (none) => balcaen.john
Component: Security => RPM Packages

Comment 1 John Balcaen 2011-10-04 17:44:36 CEST

src.rpm : 
kdelibs4-4.6.5-1.2.mga1.src.rpm

List of package
for x86_64
-----------------

kdelibs4-core-4.6.5-1.2.mga1.x86_64.rpm                                                                                                                                       
kdelibs4-devel-4.6.5-1.2.mga1.x86_64.rpm
lib64katepartinterfaces4-4.6.5-1.2.mga1.x86_64.rpm
lib64kcmutils4-4.6.5-1.2.mga1.x86_64.rpm
lib64kde3support4-4.6.5-1.2.mga1.x86_64.rpm
lib64kdecore5-4.6.5-1.2.mga1.x86_64.rpm
lib64kdefakes5-4.6.5-1.2.mga1.x86_64.rpm
lib64kdesu5-4.6.5-1.2.mga1.x86_64.rpm
lib64kdeui5-4.6.5-1.2.mga1.x86_64.rpm
lib64kdewebkit5-4.6.5-1.2.mga1.x86_64.rpm
lib64kdnssd4-4.6.5-1.2.mga1.x86_64.rpm
lib64kemoticons4-4.6.5-1.2.mga1.x86_64.rpm
lib64kfile4-4.6.5-1.2.mga1.x86_64.rpm
lib64khtml5-4.6.5-1.2.mga1.x86_64.rpm
lib64kidletime4-4.6.5-1.2.mga1.x86_64.rpm
lib64kimproxy4-4.6.5-1.2.mga1.x86_64.rpm
lib64kio5-4.6.5-1.2.mga1.x86_64.rpm
lib64kjs4-4.6.5-1.2.mga1.x86_64.rpm
lib64kjsapi4-4.6.5-1.2.mga1.x86_64.rpm
lib64kjsembed4-4.6.5-1.2.mga1.x86_64.rpm
lib64kmediaplayer4-4.6.5-1.2.mga1.x86_64.rpm
lib64knewstuff2_4-4.6.5-1.2.mga1.x86_64.rpm
lib64knewstuff3_4-4.6.5-1.2.mga1.x86_64.rpm
lib64knotifyconfig4-4.6.5-1.2.mga1.x86_64.rpm
lib64kntlm4-4.6.5-1.2.mga1.x86_64.rpm
lib64kparts4-4.6.5-1.2.mga1.x86_64.rpm
lib64kprintutils4-4.6.5-1.2.mga1.x86_64.rpm
lib64kpty4-4.6.5-1.2.mga1.x86_64.rpm
lib64krosscore4-4.6.5-1.2.mga1.x86_64.rpm
lib64krossui4-4.6.5-1.2.mga1.x86_64.rpm
lib64ktexteditor4-4.6.5-1.2.mga1.x86_64.rpm
lib64kunitconversion4-4.6.5-1.2.mga1.x86_64.rpm
lib64kunittest4-4.6.5-1.2.mga1.x86_64.rpm
lib64kutils4-4.6.5-1.2.mga1.x86_64.rpm
lib64nepomuk4-4.6.5-1.2.mga1.x86_64.rpm
lib64nepomukquery4-4.6.5-1.2.mga1.x86_64.rpm
lib64nepomukutils4-4.6.5-1.2.mga1.x86_64.rpm
lib64plasma3-4.6.5-1.2.mga1.x86_64.rpm
lib64solid4-4.6.5-1.2.mga1.x86_64.rpm
lib64threadweaver4-4.6.5-1.2.mga1.x86_64.rpm

for i586
--------------------
kdelibs4-core-4.6.5-1.2.mga1.i586.rpm                                                                                                                                                                         
kdelibs4-devel-4.6.5-1.2.mga1.i586.rpm
libkatepartinterfaces4-4.6.5-1.2.mga1.i586.rpm
libkcmutils4-4.6.5-1.2.mga1.i586.rpm
libkde3support4-4.6.5-1.2.mga1.i586.rpm
libkdecore5-4.6.5-1.2.mga1.i586.rpm
libkdefakes5-4.6.5-1.2.mga1.i586.rpm
libkdesu5-4.6.5-1.2.mga1.i586.rpm
libkdeui5-4.6.5-1.2.mga1.i586.rpm
libkdewebkit5-4.6.5-1.2.mga1.i586.rpm
libkdnssd4-4.6.5-1.2.mga1.i586.rpm
libkemoticons4-4.6.5-1.2.mga1.i586.rpm
libkfile4-4.6.5-1.2.mga1.i586.rpm
libkhtml5-4.6.5-1.2.mga1.i586.rpm
libkidletime4-4.6.5-1.2.mga1.i586.rpm
libkimproxy4-4.6.5-1.2.mga1.i586.rpm
libkio5-4.6.5-1.2.mga1.i586.rpm
libkjs4-4.6.5-1.2.mga1.i586.rpm
libkjsapi4-4.6.5-1.2.mga1.i586.rpm
libkjsembed4-4.6.5-1.2.mga1.i586.rpm
libkmediaplayer4-4.6.5-1.2.mga1.i586.rpm
libknewstuff2_4-4.6.5-1.2.mga1.i586.rpm
libknewstuff3_4-4.6.5-1.2.mga1.i586.rpm
libknotifyconfig4-4.6.5-1.2.mga1.i586.rpm
libkntlm4-4.6.5-1.2.mga1.i586.rpm
libkparts4-4.6.5-1.2.mga1.i586.rpm
libkprintutils4-4.6.5-1.2.mga1.i586.rpm
libkpty4-4.6.5-1.2.mga1.i586.rpm
libkrosscore4-4.6.5-1.2.mga1.i586.rpm
libkrossui4-4.6.5-1.2.mga1.i586.rpm
libktexteditor4-4.6.5-1.2.mga1.i586.rpm
libkunitconversion4-4.6.5-1.2.mga1.i586.rpm
libkunittest4-4.6.5-1.2.mga1.i586.rpm
libkutils4-4.6.5-1.2.mga1.i586.rpm
libnepomuk4-4.6.5-1.2.mga1.i586.rpm
libnepomukquery4-4.6.5-1.2.mga1.i586.rpm
libnepomukutils4-4.6.5-1.2.mga1.i586.rpm
libplasma3-4.6.5-1.2.mga1.i586.rpm
libsolid4-4.6.5-1.2.mga1.i586.rpm
libthreadweaver4-4.6.5-1.2.mga1.i586.rpm

Comment 2 Luan Pham 2011-10-04 18:21:47 CEST

Every thing work fine for Dell Laptop both in i586 and x86_64 using Mageia 1 installation.

CC: (none) => pham182b

Comment 3 claire robinson 2011-10-05 14:58:37 CEST

All seems fine x86_64

Comment 4 claire robinson 2011-10-05 18:55:32 CEST

Everything seems OK i586 too. 

Thanks Luan for testing too :)


Update validated



Advisory 

Â« This package provides security fix for CVE-2011-3365 ( Input Validation
Failure ), for more information please read..

http://www.kde.org/info/security/advisory-20111003-1.txt 

An additional patch for khtml has been added to kdelibs to ensure that HTML is
correctly escaped in the http kioslave Â»

src.rpm : 
kdelibs4-4.6.5-1.2.mga1.src.rpm


Could sysadmin please push from core/updates_testing to core/updates.

Thankyou.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 D Morgan 2011-10-07 14:50:55 CEST

update pushed.

Status: NEW => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.