Summary: | kde-base/konqueror HTMLTokenizer::scriptHandler DoS (CVE-2008-5698) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | esigra |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.milw0rm.com/exploits/6718 | ||
Whiteboard: | B3? [upstream] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 271889 | ||
Bug Blocks: |
Description
Robert Buchholz (RETIRED)
2008-12-27 13:49:48 UTC
I wonder if KDE upstream cares about these javascript DoS issues? If it's just a client crash, without memory explosion, there's no reason for us to track it. They dont bother with kde3 much. So feel free to do what ever you want with the problem :] It looks like it just trash your browser which is not too much vital :] i have opened stabilization bug for kde 3.5.10, adding it in depend buglist =konqueror-3* is now masked for removal KDE 3 is not in tree any more. CC us again if you need anything. thanks KDE 3 long gone. |