-
kdelibs (4:3.5.10.dfsg.1-1ubuntu8.4) jaunty-security; urgency=low
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
float
- debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
large field numbers in kjs/dtoa.cpp
- CVE-2009-0689
[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail perform insufficient validation, which leads to
specially crafted archive files, using unknown MIME types, being
rendered using a KHTML instance; this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
-- Jamie Strandboge <email address hidden> Mon, 07 Dec 2009 15:10:37 -0600
-
kdelibs (4:3.5.10.dfsg.1-1ubuntu8.2) jaunty-security; urgency=low
* SECURITY UPDATE: fix vulnerability with NULL byte in Subject Alternate
Names field of X.509 certificates
- debian/patches/security_04_CVE-2009-2702.diff: verify that the
QString length of the SAN is not shorter than the ASN1 length
- CVE-2009-2702
-- Jamie Strandboge <email address hidden> Tue, 15 Sep 2009 15:03:15 -0500
-
kdelibs (4:3.5.10.dfsg.1-1ubuntu8.1) jaunty-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via JavaScript garbage
collector allocation failures
- debian/patches/security_01_CVE-2009-1687.diff: make sure we don't
overflow before doing the realloc in kjs/collector.cpp.
- CVE-2009-1687
* SECURITY UPDATE: arbitrary code execution via use-after-free
- debian/patches/security_02_CVE-2009-1690.diff: use head.get() in
khtml/html/htmlparser.cpp, and backport khtml/html/{AlwaysInline,
htmlparser,Platform,RefPtr}.h.
- CVE-2009-1690
* SECURITY UPDATE: arbitrary code execution via CSS attr function call
with a large numerical argument
- debian/patches/security_03_CVE-2009-1698.diff: add extra checks to
khtml/css/cssparser.cpp and implement CSSPrimitiveValue::CSS_ATTR in
khtml/css/css_valueimpl.cpp.
- CVE-2009-1698
* debian/control{.in}: Added pkg-kde-tools to Build-Depends to fix FTBFS
-- Marc Deslauriers <email address hidden> Fri, 21 Aug 2009 08:17:26 -0400
-
kdelibs (4:3.5.10.dfsg.1-1ubuntu8) jaunty; urgency=low
* Don't build with arts support (LP: #320915)
* Don't build apidox. We don't install them anyway
-- Harald Sitter <email address hidden> Sat, 24 Jan 2009 20:28:13 +0100
-
kdelibs (4:3.5.10.dfsg.1-1ubuntu7) jaunty; urgency=low
* Don't install anything to usr/share/doc/kde/HTML, this path will now be
used by KDE 4 (drop all content in favor of KDE 4) (LP: #284915)
* Drop the package kdelibs4-doc completely. It contained API documentation
which is now obsolete, but still available via api.kde.org.
-- Harald Sitter <email address hidden> Sun, 18 Jan 2009 20:37:31 +0100
-
kdelibs (4:3.5.10.dfsg.1-1ubuntu6) jaunty; urgency=low
* Add kubuntu_98_fix_khc_invocation.diff to invoke khelpcenter's executable
directly instead of trying to access it via DCOP or start it using its
service file. Both are not available without KDE 3's kdebase (LP: #310135)
-- Harald Sitter <email address hidden> Sun, 18 Jan 2009 14:24:38 +0100
-
kdelibs (4:3.5.10.dfsg.1-1ubuntu5) jaunty; urgency=low
* Add back 97_automake_cleanup.diff (as kubuntu_97_automake_cleanup.diff),
needed to make libkhtml link to libkjs
-- Jonathan Riddell <email address hidden> Wed, 10 Dec 2008 18:29:29 +0000
-
kdelibs (4:3.5.10.dfsg.1-1ubuntu4) jaunty; urgency=low
* Added kubuntu_arm_ftbfs.diff (LP: #300873)
- Fixed ARM FTBFS by adding missing headers
-- Michael Casadevall <email address hidden> Fri, 21 Nov 2008 13:16:05 -0500
-
kdelibs (4:3.5.10.dfsg.1-1ubuntu3) jaunty; urgency=low
* Fix build failure, due to missing header includes.
-- Matthias Klose <email address hidden> Thu, 20 Nov 2008 12:11:25 +0100
-
kdelibs (4:3.5.10.dfsg.1-1ubuntu2) jaunty; urgency=low
* Added kubuntu_glibc_2.8_ftbfs.diff
- Corrected FTBFS due to inotify/glibc headers mismatch (LP: #299909)
* Updated kubuntu_51_launchpad_integration.diff
- Explicitly added #include <kstandarddirs.h> in khelpmenu.cpp to
resolve an FTBFS on armel
-- Michael Casadevall <email address hidden> Wed, 19 Nov 2008 16:34:30 -0500
-
kdelibs (4:3.5.10.dfsg.1-1ubuntu1) jaunty; urgency=low
* Merge with Debian, remaining changes:
- --with-distribution="Kubuntu (`lsb_release --codename --short`) $(DEB_VERSION)"
- binary-install/kdelibs-data installs aboutkde-kubuntu.png.uu and cr*-device-system.png.uu
- don't build-dep on libgamin-dev, libfam-dev
- stop kdelibs4-dev depending on gamin/fam
- don't install .svgz icons in kdelibs-data.install
- rosetta support in rules common-install-prehook-impl:: [and common-post-build-arch:: ?] and include debian/kubuntu-desktop-i18n/
- build-dep on: gettext-kde, kdesdk-scripts, lsb-release, base-files, sudo
- cdbs build-dep 0.4.41ubuntu2
- kdelibs4-dev depends on gettext-kde, kdesdk-scripts
- copy debian/icons over
- Make kdelibs4c2a depend on launchpad-integration, sudo. Recommends on xdg-user-dirs
- Remove 19_debianize_useragent.diff (changed to kubuntu_19_debianize_useragent.diff) s/Debian/Kubuntu
- remove kdelibs4c2a depends on menu-xdg
- include kubuntu_01_kdepot.diff and kde.pot in debian/patches/common
- use a local copy of kde.mk without the common-install-prehook-impl:: rule; edit debian-qt-kde.mk to include debian/cdbs/kde.mk
- build with --with-sudo-kdesu-backend and build-dep on sudo and make kdelibs4c2a depend on sudo
- kdelibs-data.install : Add nzb mimetype
- Make kdelibs4-dev replace more recent kdelibs4c2a for overlapping files
- remove /usr/bin/preparetips from kdelibs4-dev package
- Remove ksvgtopng from kdelibs4-dev (conflicts with kdebase-runtime)
* Remove kubuntu_66_konsole_pty.diff, no longer needed
kdelibs (4:3.5.10.dfsg.1-1) unstable; urgency=low
+++ Changes by Ana Beatriz Guerrero Lopez:
* New upstream release.
- Most of the changes were already provided by the patches:
- 01_kdelibs_branch_r828883.diff
- 02_kate_regression_r777286.diff
- 03_start_kdeinit_integer_overflow.diff (provided for CVE-2008-1671)
- 05_kate_debianchangelog_default_context_r799980.diff
- 06_khtml_rendering_r786289.diff
that have been dropped now.
- New changes:
- Changes for showing KDE 3.5.10 instead of 3.5.9 in the KDE apps.
- Fix while saving sessions for multiple scripts. (KDE SVN r837226,
KDE bug 166598).
- Fix in kdeprint. (KDE SVN r848634)
- Avoid showing authentication-dialogue being put behind the application
window. (KDE SVN r849216, KDE bug 121803).
+++ Changes by Raúl Sánchez Siles:
* kdeprint: Wrong initscript name (cupsys instead of cups) (Closes:
#496110)
* Fixed 98_buildprep.patch so double compilation works.
* Fixed wrong http header parsing, added 61_httpheader_backport.diff
* Fixed wrong Google Maps rendering, added 62_fix_googlemaps_backport.diff
* Change dependencies from obsolete libcupsys2-dev to libcups2-dev.
* konqueror: Crash on eBay page (Closes: #502459) with recently added
63_fixed-layout-table.diff
-- Jonathan Riddell <email address hidden> Thu, 06 Nov 2008 13:18:46 +0000
-
kdelibs (4:3.5.10-0ubuntu6) intrepid; urgency=low
* Don't install launchpad.png icon, now in kdelibs5-data
-- Jonathan Riddell <email address hidden> Mon, 06 Oct 2008 15:39:39 +0100