kdelibs 4:3.5.10.dfsg.1-2.1ubuntu1 source package in Ubuntu


kdelibs (4:3.5.10.dfsg.1-2.1ubuntu1) lucid; urgency=low

  * Merge with Debian, remaining changes
   - make sure control and control.in are in sync
   - --with-distribution="Kubuntu (`lsb_release --codename --short`) $(DEB_VERSION)"
   - binary-install/kdelibs-data installs aboutkde-kubuntu.png.uu and cr*-device-system.png.uu
   - don't build-dep on libgamin-dev, libfam-dev
   - stop kdelibs4-dev depending on gamin/fam
   - don't install .svgz icons, docs or all_languages in kdelibs-data.install
   - rosetta support in rules common-install-prehook-impl:: [and common-post-build-arch:: ?] and include debian/kubuntu-desktop-i18n/
   - build-dep on: gettext-kde, kdesdk-scripts, lsb-release, base-files, sudo
   - cdbs build-dep 0.4.41ubuntu2
   - kdelibs4-dev depends on gettext-kde, kdesdk-scripts
   - copy debian/icons over
   - Make kdelibs4c2a depend on launchpad-integration, sudo.  Recommends on xdg-user-dirs
   - Remove 19_debianize_useragent.diff (changed to kubuntu_19_debianize_useragent.diff) s/Debian/Kubuntu
   - remove kdelibs4c2a depends on menu-xdg
   - include kubuntu_01_kdepot.diff and kde.pot in debian/patches/common
   - use a local copy of kde.mk without the common-install-prehook-impl:: rule; edit debian-qt-kde.mk to include debian/cdbs/kde.mk
   - build with --with-sudo-kdesu-backend and build-dep on sudo and make kdelibs4c2a depend on sudo
   - kdelibs-data.install : Add nzb mimetype
   - Make kdelibs4-dev replace more recent kdelibs4c2a for overlapping files
   - remove /usr/bin/preparetips, arts files and ksvntopng from kdelibs4-dev.install
   - Drop the package kdelibs4-doc completely. It contained API documentation  which is now obsolete, but still available via api.kde.org.
   - make sure control and control.in are in sync
   - in debian/rule remove .pot files outside .po directory
   - 97_automake_cleanup.diff becomes kubuntu_97_automake_cleanup.diff

kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high

  * Non-maintainer upload by the testing Security Team.
  * Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
    overflow was found in the KDE implementation of garbage collector for the
    JavaScript language (KJS).
  * Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
    the HTML page <head> element. A remote attacker could use this flaw to
    cause a denial of service (konqueror crash) or, potentially, execute
    arbitrary code, with the privileges of the user running "konqueror" web
    browser, if the victim was tricked to open a specially-crafted HTML page.
    (Closes: #534949)
  * Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
    handled content, forming the value of CSS "style" attribute. A remote
    attacker could use this flaw to cause a denial of service (konqueror crash)
    or potentially execute arbitrary code with the privileges of the user
    running "konqueror" web browser, if the victim visited a specially-crafted
    CSS equipped HTML page. (Closes: #534949)
  * Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
    properly handle a '\0' character in a domain name in the Subject
    Alternative Name field of an X.509 certificate, which allows
    man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
    certificate issued by a legitimate Certification Authority (Closes: #546212)
 -- Jonathan Riddell <email address hidden>   Mon, 09 Nov 2009 17:43:28 +0000

Upload details

Uploaded by:
Jonathan Riddell on 2009-11-10
Uploaded to:
Original maintainer:
Kubuntu Members
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section


File Size SHA-256 Checksum
kdelibs_3.5.10.dfsg.1.orig.tar.gz 17.8 MiB 09119022c615547284beaa262ccc06fc9328f1dc66ebd030ab97d66819eb9f0d
kdelibs_3.5.10.dfsg.1-2.1ubuntu1.diff.gz 779.8 KiB 5f3469ff82500e4636628822c5f0f270b9c81537b7adf5c4b1366739f2399a76
kdelibs_3.5.10.dfsg.1-2.1ubuntu1.dsc 2.3 KiB a09dd65ef4cd1f28aa1b6105683fe3ac559d3d25c7bdfa7899ec4346aea4833c

View changes file

Binary packages built by this source