-
kdelibs (4:3.5.10.dfsg.1-5) unstable; urgency=medium
* Change by email address to @debian.org.
* Drop common HTML docs from kdelibs-data package. Instead suggest
kdelibs5-data which ships them (Closes: #591609). What's more, whoever
wants to view docs, will have to install khelpcenter4 which pulls in
kdelibs5-data anyway.
* Switch to dpkg-source format 3.0 (quilt):
- drop simple-patchsys.mk from debian/rules;
- add debian/patches/series file.
* Fix corruption of zip files caused by wrong encoding of umlauts in kzip
(patch 67_kio_zip_file_encoding.diff). (Closes: #563942) Thanks to Bjoern
Ricks for the patch.
* Support opening of KDE 4 khelpcenter in Help -> Handbook. (Closes: #525621)
Thanks to Ben Burton for the patch.
* Do not recurse into .pc subdirectory with doxygen
(patch debian/patches/02_exclude_pc_from_dox.diff).
* Urgency=medium due to multiple RC bug fixes.
-- Modestas Vainius <email address hidden> Sat, 07 Aug 2010 23:20:21 +0300
-
kdelibs (4:3.5.10.dfsg.1-3) unstable; urgency=high
+++ Changes by Scott Kitterman (patches from Kubuntu):
* SECURITY UPDATE: fix buffer overflow when converting string to float.
- debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
numbers in kjs/dtoa.cpp (Closes: #559265)
- CVE-2009-0689
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability.
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites.
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only.
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE n/a
* Fix FTBFS with gcc 4.4.
- Add debian/patches/gcc4.4_ftbfs.diff (Closes: #556564)
* Update Vcs* in debian/control for new location.
+++ Changes by Ana Beatriz Guerrero Lopez:
* Add a depend on ${shlibs:Depends} to kdelibs5-dev to make lintian happy.
* Remove Sune from Uploaders per his request.
* Update Armin and Modestas emails.
-- Debian Qt/KDE Maintainers <email address hidden> Mon, 04 Jan 2010 18:32:06 +0100
-
kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high
* Non-maintainer upload by the testing Security Team.
* Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
overflow was found in the KDE implementation of garbage collector for the
JavaScript language (KJS).
* Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
the HTML page <head> element. A remote attacker could use this flaw to
cause a denial of service (konqueror crash) or, potentially, execute
arbitrary code, with the privileges of the user running "konqueror" web
browser, if the victim was tricked to open a specially-crafted HTML page.
(Closes: #534949)
* Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
handled content, forming the value of CSS "style" attribute. A remote
attacker could use this flaw to cause a denial of service (konqueror crash)
or potentially execute arbitrary code with the privileges of the user
running "konqueror" web browser, if the victim visited a specially-crafted
CSS equipped HTML page. (Closes: #534949)
* Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
properly handle a '\0' character in a domain name in the Subject
Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority (Closes: #546212)
-- Giuseppe Iuculano <email address hidden> Wed, 14 Oct 2009 09:57:26 +0200
-
kdelibs (4:3.5.10.dfsg.1-2) unstable; urgency=low
* Add 64_use_sys_inotify.diff patch to fix ftbfs caused by linux/inotify.
(Closes: #519881)
-- Debian Qt/KDE Maintainers <email address hidden> Wed, 18 Mar 2009 16:59:36 +0100
-
kdelibs (4:3.5.10.dfsg.1-1) unstable; urgency=low
+++ Changes by Ana Beatriz Guerrero Lopez:
* New upstream release.
- Most of the changes were already provided by the patches:
- 01_kdelibs_branch_r828883.diff
- 02_kate_regression_r777286.diff
- 03_start_kdeinit_integer_overflow.diff (provided for CVE-2008-1671)
- 05_kate_debianchangelog_default_context_r799980.diff
- 06_khtml_rendering_r786289.diff
that have been dropped now.
- New changes:
- Changes for showing KDE 3.5.10 instead of 3.5.9 in the KDE apps.
- Fix while saving sessions for multiple scripts. (KDE SVN r837226,
KDE bug 166598).
- Fix in kdeprint. (KDE SVN r848634)
- Avoid showing authentication-dialogue being put behind the application
window. (KDE SVN r849216, KDE bug 121803).
+++ Changes by Raúl Sánchez Siles:
* kdeprint: Wrong initscript name (cupsys instead of cups) (Closes:
#496110)
* Fixed 98_buildprep.patch so double compilation works.
* Fixed wrong http header parsing, added 61_httpheader_backport.diff
* Fixed wrong Google Maps rendering, added 62_fix_googlemaps_backport.diff
* Change dependencies from obsolete libcupsys2-dev to libcups2-dev.
* konqueror: Crash on eBay page (Closes: #502459) with recently added
63_fixed-layout-table.diff
-- Debian Qt/KDE Maintainers <email address hidden> Sun, 26 Oct 2008 21:21:12 +0100
