Ubuntu
kdelibs package

Change logs for kdelibs source package in Breezy

  1. Breezy (5.10)
  2. Change log 
  • kdelibs (4:3.4.3-0ubuntu2.4) breezy-security; urgency=low

  * SECURITY UPDATE: possible XSS via incorrect UTF8 truncation.
  * Add kubuntu_97_kjs_utf8_fixes.diff: upstream fixes.
  * References
    CVE-2007-0242

 -- Kees Cook <email address hidden>   Tue, 10 Apr 2007 11:19:42 -0700
  • kdelibs (4:3.4.3-0ubuntu2.3) breezy-security; urgency=low

  * SECURITY UPDATE: FTP PASV scanning vulnerability, and JS DoS.
  * Add kubuntu_91_ftp_pasv_scanning.diff
  * References
    ftp://ftp.kde.org/pub/kde/security_patches/CVE-2007-1564-kdelibs-3.4.3.diff
    CVE-2007-1564

 -- Kees Cook <email address hidden>   Tue, 27 Mar 2007 17:08:36 -0700
  • kdelibs (4:3.4.3-0ubuntu2.2) breezy-security; urgency=low

  * SECURITY UPDATE: XSS attacks possible with comment in TITLE tag.
  * Add 'debian/patches/kubuntu_90_title_tokenizer.diff': fix parser,
    from upstream Subversion.
  * References
    CVE-2007-0537

 -- Kees Cook <email address hidden>   Mon,  5 Feb 2007 16:54:26 -0800
  • kdelibs (4:3.4.3-0ubuntu2.1) breezy-security; urgency=low

  * SECURITY UPDATE: fix remote browser crash
  * KDE Konqueror allows remote attackers to cause a denial
    of service (application crash) by calling the replaceChild method on a
    DOM object, which triggers a null dereference, as demonstrated by calling
    document.replaceChild with a 0 (zero) argument.
  * Add kubuntu_00_CVE-2006-3672.diff
  * References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3672
    http://www.mandriva.com/security/advisories?name=MDKSA-2006:130

 -- Jonathan Riddell <email address hidden>   Fri, 21 Jul 2006 10:56:12 +0000
  • kdelibs (4:3.4.3-0ubuntu2) breezy-security; urgency=low


  * SECURITY UPDATE: kjs encodeuri/decodeuri heap overflow vulnerability
  * Add kubuntu_20_post_3.4.3_kdelibs_kjs.diff
  * An incorrect bounds check in kjs, the Javascript interpreter
    engine used by Konqueror and other parts of KDE, that allows 
    a heap based buffer overflow when decoding invalid utf8 encoded 
    URI sequences.
  * References:
     CVE-2006-0019
     http://www.kde.org/info/security/advisory-20060119-1.txt

 -- Jonathan Riddell <email address hidden>  Wed, 11 Jan 2006 16:33:14 +0000
  • kdelibs (4:3.4.3-0ubuntu1) breezy; urgency=low


  * New upstream release
  * Move 19_debianize_useragent.diff to
    kubuntu_19_debianize_useragent.diff and change string to Kubuntu
  * Add kubuntu_08_kdesu_terminal.diff output to terminal by default

 -- Jonathan Riddell <email address hidden>  Fri,  7 Oct 2005 13:13:04 +0000
  • kdelibs (4:3.4.2-0ubuntu7) breezy; urgency=low


  * Do not install system.svgz

 -- Jonathan Riddell <email address hidden>  Wed, 21 Sep 2005 20:35:59 +0100