Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#42777 - [kdebase-runtime] Insufficient Input Validation security fix
Attached to Project:
Arch Linux
Opened by Andrea Scarpino (BaSh) - Thursday, 13 November 2014, 16:02 GMT
Last edited by Andrea Scarpino (BaSh) - Saturday, 29 November 2014, 08:15 GMT
Opened by Andrea Scarpino (BaSh) - Thursday, 13 November 2014, 16:02 GMT
Last edited by Andrea Scarpino (BaSh) - Saturday, 29 November 2014, 08:15 GMT
|
DetailsDescription:
kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname. For example going to bookmarks://hhdhdhhdhdhdh.google.com/'><script>alert('bookmarks'+document.domain);</script>; in Konqueror makes a Javascript alert popup. See also: https://www.kde.org/info/security/advisory-20141113-1.txt 4.14.13 *IS* affected. |
This task depends upon
Closed by Andrea Scarpino (BaSh)
Saturday, 29 November 2014, 08:15 GMT
Reason for closing: Fixed
Additional comments about closing: kdebase-runtime 4.14.3-1
Saturday, 29 November 2014, 08:15 GMT
Reason for closing: Fixed
Additional comments about closing: kdebase-runtime 4.14.3-1