-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2007-28
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 25 Apr 2007
 Last revised: 25 Apr 2007

 Package: kdelibs

 Summary: UTF-8 sequences

 More information:
    KDE libraries is a comprehensive family of ready to use components for
    building highly integrated, network-enabled desktop applications.

    Remote attackers to conduct cross-site scripting (XSS) attacks.
    
 Impact:
    KJS where UTF8 decoding did not reject overlong sequences.

 Affected Products:
    - wizpy
    - Turbolinux FUJI

 <wizpy>

   Source Packages
   Size: MD5

   kdelibs-3.4.2-26.src.rpm
     16988512 e1e79407b594b06ee6ffc2994913db61

   Binary Packages
   Size: MD5

   kdelibs-3.4.2-26.i386.rpm
     16354431 fe59846ac21ccac4fe2d204ea017f399

 <Turbolinux FUJI>

   Source Packages
   Size: MD5

   kdelibs-3.4.2-26.src.rpm
     16988512 506ad5a0a0de4326e08133eee3187739

   Binary Packages
   Size: MD5

   kdelibs-3.4.2-26.i686.rpm
     18608473 59b798f7f7829fae537e80c9cf9fd8d7
   kdelibs-devel-3.4.2-26.i686.rpm
      1547204 ebe6b2755574e41cf232cdb2674c4d19


 References:

 CVE
   [CVE-2007-0242]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242

 --------------------------------------------------------------------------
 Revision History
    25 Apr 2007 Initial release
 --------------------------------------------------------------------------
 
 Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGLyGHK0LzjOqIJMwRAsmFAKCV0M0zRyZiuYsBYmnrJSGyxTj4OgCgnX4I
Yk0ecemH9kCxUqlBZ5p3jZI=
=TaQr
-----END PGP SIGNATURE-----