Candidate: CVE-2009-NNN4
PublicDate: 2009-10-27
References:
 http://www.ocert.org/advisories/ocert-2009-015.html
 http://www.kde.org/info/security/advisory-20091027-1.txt
 https://ubuntu.com/security/notices/USN-872-1
Description:
Ubuntu-Description:
 KDE protocol handlers perform insufficient input validation; an attacker
 can craft a malicious URI that would trigger JavaScript execution.
 Additionally, the 'help://' protocol handler suffers from directory
 traversal. It should be noted that the scope of this issue is limited, as
 the malicious URIs cannot be embedded in Internet-hosted content.
Notes:
Bugs:
Priority: low
Discovered-by: Tim Brown
Assigned-to: jdstrand
CVSS:

Patches_kde4libs:
upstream_kde4libs: released (4:4.2.2-0ubuntu5.2)
dapper_kde4libs: DNE
hardy_kde4libs: ignored (reached end of life)
intrepid_kde4libs: released (4:4.1.4-0ubuntu1~intrepid1.5)
jaunty_kde4libs: not-affected
karmic_kde4libs: not-affected
devel_kde4libs: released (4:4.3.80-0ubuntu1)

Patches_kdebase-runtime:
upstream_kdebase-runtime: released (4.3.80)
dapper_kdebase-runtime: DNE
hardy_kdebase-runtime: ignored (reached end of life)
intrepid_kdebase-runtime: released (4:4.1.4-0ubuntu1~intrepid1.5)
jaunty_kdebase-runtime: released (4:4.2.2-0ubuntu5.4)
karmic_kdebase-runtime: released (4:4.3.2-0ubuntu7.2)
devel_kdebase-runtime: not-affected (4:4.3.80-0ubuntu2)