Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 529482 (CVE-2014-8600) - <kde-misc/kwebkitpart-1.3.4-r1, <=kde-base/kdebase-kioslaves-4.14.2: Insufficient Input Validation By IO Slaves and Webkit Part (CVE-2014-8600)
Summary: <kde-misc/kwebkitpart-1.3.4-r1, <=kde-base/kdebase-kioslaves-4.14.2: Insuffic...
Status: RESOLVED FIXED
Alias: CVE-2014-8600
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Low minor (vote)
Assignee: Gentoo Security
URL: https://www.kde.org/info/security/adv...
Whiteboard: A4 [noglsa]
Keywords:
Depends on: kde-4.14.3-stable 527438
Blocks:
  Show dependency tree
 
Reported: 2014-11-16 12:41 UTC by Manuel Rüger (RETIRED)
Modified: 2015-05-31 20:34 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Manuel Rüger (RETIRED) gentoo-dev 2014-11-16 12:41:19 UTC 
Alexxy pushed the necessary fixes to the tree. 

Stabilization for kwebkitpart-1.3.4-r1 in bug #527438

Stabilization for kdebase-kioslaves-4.14.2-r1 in bug 517344
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-12-27 01:49:04 UTC 
CVE-2014-8600 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8600):
  Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3
  and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier
  allow remote attackers to inject arbitrary web script or HTML via a crafted
  URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6)
  smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12)
  network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18)
  desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly
  handled in an error message.
Comment 2 Manuel Rüger (RETIRED) gentoo-dev 2014-12-27 19:57:01 UTC 
kde-misc/kwebkitpart: stable versions are fixed now, cleaned up vulnerable.
Comment 3 Johannes Huber (RETIRED) gentoo-dev 2015-02-18 17:50:09 UTC 
Cleanup done. Thanks all.

+
+  18 Feb 2015; Michał Górny <mgorny@gentoo.org>
+  -kdebase-kioslaves-4.12.5.ebuild:
+  Remove KDE SC 4.12
+
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-05-31 20:16:53 UTC 
GLSA Vote: No
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-05-31 20:17:40 UTC 
GLSA vote: no.

Closing as [noglsa]