Date: Fri, 13 Jul 2012 10:41:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marc Deslauriers <marc.deslauriers@...onical.com>, coley@...us.mitre.org,
        security@...ntu.com
Subject: Re: CVE Request: KDE Pim

On 07/13/2012 06:25 AM, Marc Deslauriers wrote:
> Hello,
> 
> Could a CVE please be assigned to the following issue:
> 
> Javascript and external images were being loaded while rendering
> HTML email in kmail. The downloaded Javascript was then being
> interpreted.
> 
> See:
> 
> https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54
>
>  https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690
> 
> Thanks,
> 
> Marc.

This seems like a security hardening issue to me, but I'm not a KDE
person, so did kdepim advertise itself as not executing JavaScript/etc?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



