From owner-cvs-all@FreeBSD.ORG  Tue Nov  3 09:45:47 2009
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D0CBE106566B;
	Tue,  3 Nov 2009 09:45:47 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id BEF728FC0C;
	Tue,  3 Nov 2009 09:45:47 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id nA39jlDn011999;
	Tue, 3 Nov 2009 09:45:47 GMT (envelope-from miwi@repoman.freebsd.org)
Received: (from miwi@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id nA39jlB5011998;
	Tue, 3 Nov 2009 09:45:47 GMT (envelope-from miwi)
Message-Id: <200911030945.nA39jlB5011998@repoman.freebsd.org>
From: Martin Wilke <miwi@FreeBSD.org>
Date: Tue, 3 Nov 2009 09:45:47 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/x11/kdelibs4 Makefile ports/x11/kdelibs4/files
 patch-ocert-2009-015-khtml ports/x11/kdebase4-runtime Makefile
 ports/x11/kdebase4-runtime/files patch-ocert-2009-015-kioslave
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2009 09:45:47 -0000

miwi        2009-11-03 09:45:47 UTC

  FreeBSD ports repository

  Modified files:
    x11/kdelibs4         Makefile 
    x11/kdebase4-runtime Makefile 
  Added files:
    x11/kdelibs4/files   patch-ocert-2009-015-khtml 
    x11/kdebase4-runtime/files patch-ocert-2009-015-kioslave 
  Log:
  Secuirty Update:
  
  Ark input sanitization errors:
  The KDE archiving tool, Ark, performs insufficient validation
  which leads to specially crafted archive files, using unknown
  MIME types, to be rendered using a KHTML instance, this can
  trigger uncontrolled XMLHTTPRequests to remote sites.
  
  IO Slaves input sanitization errors:
  KDE protocol handlers perform insufficient input validation, an
  attacker can craft malicious URI that would trigger JavaScript
  execution. Additionally the 'help://' protocol handler suffer
  from directory traversal. It should be noted that the scope of
  this issue is limited as the malicious URIs cannot be embedded
  in Internet hosted content.
  
  KMail input sanitization errors:
  The KDE mail client, KMail, performs insufficient validation which
  leads to specially crafted email attachments, using unknown MIME
  types, to be rendered using a KHTML instance, this can trigger
  uncontrolled XMLHTTPRequests to remote sites.
  
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> (based on)
  Approved by:    secteam (myself), portmgr
  Security:       http://www.vuxml.org/freebsd/6f358f5a-c7ea-11de-a9f3-0030843d3802.html
  
  Revision  Changes    Path
  1.227     +1 -1      ports/x11/kdebase4-runtime/Makefile
  1.1       +16 -0     ports/x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave (new)
  1.244     +1 -1      ports/x11/kdelibs4/Makefile
  1.1       +117 -0    ports/x11/kdelibs4/files/patch-ocert-2009-015-khtml (new)