Change logs for kdelibs source package in Squeeze

  • kdelibs (4:3.5.10.dfsg.1-5) unstable; urgency=medium
      * Change by email address to
      * Drop common HTML docs from kdelibs-data package. Instead suggest
        kdelibs5-data which ships them (Closes: #591609). What's more, whoever
        wants to view docs, will have to install khelpcenter4 which pulls in
        kdelibs5-data anyway.
      * Switch to dpkg-source format 3.0 (quilt):
        - drop from debian/rules;
        - add debian/patches/series file.
      * Fix corruption of zip files caused by wrong encoding of umlauts in kzip
        (patch 67_kio_zip_file_encoding.diff). (Closes: #563942) Thanks to Bjoern
        Ricks for the patch.
      * Support opening of KDE 4 khelpcenter in Help -> Handbook. (Closes: #525621)
        Thanks to Ben Burton for the patch.
      * Do not recurse into .pc subdirectory with doxygen 
        (patch debian/patches/02_exclude_pc_from_dox.diff).
      * Urgency=medium due to multiple RC bug fixes.
     -- Modestas Vainius <email address hidden>  Sat, 07 Aug 2010 23:20:21 +0300
  • kdelibs (4:3.5.10.dfsg.1-3) unstable; urgency=high
      +++ Changes by Scott Kitterman (patches from Kubuntu):
      * SECURITY UPDATE: fix buffer overflow when converting string to float.
        - debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
          numbers in kjs/dtoa.cpp (Closes: #559265)
        - CVE-2009-0689
      * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability.
        - Ark and KMail perform insufficient validation, which leads to
          specially crafted archive files, using unknown MIME types, to be
          rendered using a KHTML instance; this can trigger uncontrolled
          XMLHTTPRequests to remote sites.
        - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
          restricts xmlhttprequest to http protocols only.
        - oCert: #2009-015
        - CVE n/a
      * Fix FTBFS with gcc 4.4.
        - Add debian/patches/gcc4.4_ftbfs.diff (Closes: #556564)
      * Update Vcs* in debian/control for new location.
      +++ Changes by Ana Beatriz Guerrero Lopez:
      * Add a depend on ${shlibs:Depends} to kdelibs5-dev to make lintian happy.
      * Remove Sune from Uploaders per his request.
      * Update Armin and Modestas emails.
     -- Debian Qt/KDE Maintainers <email address hidden>  Mon, 04 Jan 2010 18:32:06 +0100
  • kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high
      * Non-maintainer upload by the testing Security Team.
      * Fixed CVE-2009-1687: An integer overflow, leading to a heap-based buffer
        overflow, was found in the KDE implementation of the garbage collector
        for the JavaScript language (KJS).
      * Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
        the HTML page <head> element. A remote attacker could use this flaw to
        cause a denial of service (konqueror crash) or, potentially, execute
        arbitrary code, with the privileges of the user running "konqueror" web
        browser, if the victim was tricked into opening a specially-crafted HTML
        page.
        (Closes: #534949)
      * Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
        handled content, forming the value of CSS "style" attribute. A remote
        attacker could use this flaw to cause a denial of service (konqueror crash)
        or potentially execute arbitrary code with the privileges of the user
        running "konqueror" web browser, if the victim visited a specially-crafted
        CSS equipped HTML page. (Closes: #534949)
      * Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
        properly handle a '\0' character in a domain name in the Subject
        Alternative Name field of an X.509 certificate, which allows
        man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
        certificate issued by a legitimate Certification Authority (Closes: #546212) 
     -- Giuseppe Iuculano <email address hidden>  Wed, 14 Oct 2009 09:57:26 +0200
  • kdelibs (4:3.5.10.dfsg.1-2) unstable; urgency=low
      * Add 64_use_sys_inotify.diff patch to fix ftbfs caused by linux/inotify.
        (Closes: #519881)
     -- Debian Qt/KDE Maintainers <email address hidden>  Wed, 18 Mar 2009 16:59:36 +0100
  • kdelibs (4:3.5.10.dfsg.1-1) unstable; urgency=low
      +++ Changes by Ana Beatriz Guerrero Lopez:
      * New upstream release. 
        - Most of the changes were already provided by the patches:
          - 01_kdelibs_branch_r828883.diff
          - 02_kate_regression_r777286.diff
          - 03_start_kdeinit_integer_overflow.diff (provided for CVE-2008-1671)
          - 05_kate_debianchangelog_default_context_r799980.diff
          - 06_khtml_rendering_r786289.diff
        that have been dropped now.
        - New changes:
          - Changes for showing KDE 3.5.10 instead of 3.5.9 in the KDE apps.
          - Fix while saving sessions for multiple scripts. (KDE SVN r837226, 
            KDE bug 166598).
          - Fix in kdeprint. (KDE SVN r848634)
          - Avoid showing authentication-dialogue being put behind the application 
            window. (KDE SVN r849216, KDE bug 121803).
      +++ Changes by Raúl Sánchez Siles:
      * kdeprint: Wrong initscript name (cupsys instead of cups) (Closes:
      * Fixed 98_buildprep.patch so double compilation works.
      * Fixed wrong http header parsing, added 61_httpheader_backport.diff 
      * Fixed wrong Google Maps rendering, added 62_fix_googlemaps_backport.diff
      * Change dependencies from obsolete libcupsys2-dev to libcups2-dev.
      * konqueror: Crash on eBay page (Closes: #502459) with recently added
     -- Debian Qt/KDE Maintainers <email address hidden>  Sun, 26 Oct 2008 21:21:12 +0100