On Monday 23 January 2006 3:13 pm, Rahul Sundaram wrote: > Follow http://fedoraproject.org/wiki/Security procedures and report it > if its not already done in bugzilla. I suspect the security team is > already tackling this. As reported by Fedora-announce, the patch was released on Fri. If you've updated since Saturday, you're probably fine --- from the announcement: "Update Information: A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious web site containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0019 to this issue. " -- Claude Jones Bluemont, VA, USA