Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#42776 - [kio-extras] Insufficient Input Validation security fix
Attached to Project:
Arch Linux
Opened by Andrea Scarpino (BaSh) - Thursday, 13 November 2014, 16:01 GMT
Last edited by Andrea Scarpino (BaSh) - Friday, 14 November 2014, 13:06 GMT
Opened by Andrea Scarpino (BaSh) - Thursday, 13 November 2014, 16:01 GMT
Last edited by Andrea Scarpino (BaSh) - Friday, 14 November 2014, 13:06 GMT
|
DetailsDescription:
kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname. For example going to bookmarks://hhdhdhhdhdhdh.google.com/'><script>alert('bookmarks'+document.domain);</script>;; in Konqueror makes a Javascript alert popup. See also https://www.kde.org/info/security/advisory-20141113-1.txt |
This task depends upon
Closed by Andrea Scarpino (BaSh)
Friday, 14 November 2014, 13:06 GMT
Reason for closing: Fixed
Additional comments about closing: kio-extras 5.1.1-2
Friday, 14 November 2014, 13:06 GMT
Reason for closing: Fixed
Additional comments about closing: kio-extras 5.1.1-2