kdelibs (4:3.5.10.dfsg.1-3ubuntu2.10.04.1) lucid-security; urgency=low
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416)
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites.
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only.
This patch has been accidentally dropped in 4:3.5.10.dfsg.1-3ubuntu1.
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE n/a
* Fix FTBFS: disable parallel building.
-- Felix Geyer <email address hidden> Fri, 15 Oct 2010 21:19:11 +0200
core libraries from the official KDE release
core shared data for all KDE applications
debugging symbols for kdelibs
development files for the KDE core libraries
core libraries and binaries for all KDE applications