Candidate: CVE-2009-NNN3
PublicDate: 2009-10-27
References: 
 http://www.ocert.org/advisories/ocert-2009-015.html
 http://www.kde.org/info/security/advisory-20091027-1.txt
 https://ubuntu.com/security/notices/USN-871-1
 https://ubuntu.com/security/notices/USN-871-2
Description: 
Ubuntu-Description: 
 Ark and KMail performs insufficient validation which leads to specially
 crafted archive files, using unknown MIME types, to be rendered using a KHTML
 instance, this can trigger uncontrolled XMLHTTPRequests to remote sites
Notes: 
Bugs: 
Priority: low
Discovered-by: Tim Brown
Assigned-to: jdstrand
CVSS: 

Patches_kdelibs:
upstream_kdelibs: needs-triage
dapper_kdelibs: ignored (reached end-of-life)
hardy_kdelibs: released (4:3.5.10-0ubuntu1~hardy1.5)
intrepid_kdelibs: released (4:3.5.10-0ubuntu6.4)
jaunty_kdelibs: released (4:3.5.10.dfsg.1-1ubuntu8.4)
karmic_kdelibs: released (4:3.5.10.dfsg.1-2ubuntu7.2)
lucid_kdelibs: released (4:3.5.10.dfsg.1-2.1ubuntu4)
devel_kdelibs: released (4:3.5.10.dfsg.1-2.1ubuntu4)

Patches_kde4libs:
upstream_kde4libs: released (4.3.80)
dapper_kde4libs: DNE
hardy_kde4libs: ignored (reached end-of-life)
intrepid_kde4libs: released (4:4.1.4-0ubuntu1~intrepid1.5)
jaunty_kde4libs: released (4:4.2.2-0ubuntu5.4)
karmic_kde4libs: released (4:4.3.2-0ubuntu7.2)
lucid_kde4libs: released (4:4.3.80-0ubuntu1)
devel_kde4libs: released (4:4.3.80-0ubuntu1)