Changelog
kdelibs (4:3.5.10.dfsg.1-2.1ubuntu1) lucid; urgency=low
  * Merge with Debian, remaining changes
    - make sure control and control.in are in sync
    - --with-distribution="Kubuntu (`lsb_release --codename --short`) $(DEB_VERSION)"
    - binary-install/kdelibs-data installs aboutkde-kubuntu.png.uu and cr*-device-system.png.uu
    - don't build-dep on libgamin-dev, libfam-dev
    - stop kdelibs4-dev depending on gamin/fam
    - don't install .svgz icons, docs or all_languages in kdelibs-data.install
    - rosetta support in rules common-install-prehook-impl:: [and common-post-build-arch:: ?] and include debian/kubuntu-desktop-i18n/
    - build-dep on: gettext-kde, kdesdk-scripts, lsb-release, base-files, sudo
    - cdbs build-dep 0.4.41ubuntu2
    - kdelibs4-dev depends on gettext-kde, kdesdk-scripts
    - copy debian/icons over
    - Make kdelibs4c2a depend on launchpad-integration, sudo. Recommends on xdg-user-dirs
    - Remove 19_debianize_useragent.diff (changed to kubuntu_19_debianize_useragent.diff) s/Debian/Kubuntu
    - remove kdelibs4c2a depends on menu-xdg
    - include kubuntu_01_kdepot.diff and kde.pot in debian/patches/common
    - use a local copy of kde.mk without the common-install-prehook-impl:: rule; edit debian-qt-kde.mk to include debian/cdbs/kde.mk
    - build with --with-sudo-kdesu-backend and build-dep on sudo and make kdelibs4c2a depend on sudo
    - kdelibs-data.install : Add nzb mimetype
    - Make kdelibs4-dev replace more recent kdelibs4c2a for overlapping files
    - remove /usr/bin/preparetips, arts files and ksvntopng from kdelibs4-dev.install
    - Drop the package kdelibs4-doc completely. It contained API documentation which is now obsolete, but still available via api.kde.org.
    - make sure control and control.in are in sync
    - in debian/rule remove .pot files outside .po directory
    - 97_automake_cleanup.diff becomes kubuntu_97_automake_cleanup.diff
kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high
  * Non-maintainer upload by the testing Security Team.
  * Fixed CVE-2009-1687: An integer overflow, leading to a heap-based buffer
    overflow, was found in the KDE implementation of the garbage collector
    for the JavaScript language (KJS).
  * Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
    the HTML page <head> element. A remote attacker could use this flaw to
    cause a denial of service (konqueror crash) or, potentially, execute
    arbitrary code, with the privileges of the user running "konqueror" web
    browser, if the victim was tricked into opening a specially-crafted HTML
    page. (Closes: #534949)
  * Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
    handled content, forming the value of CSS "style" attribute. A remote
    attacker could use this flaw to cause a denial of service (konqueror crash)
    or potentially execute arbitrary code with the privileges of the user
    running "konqueror" web browser, if the victim visited a specially-crafted
    CSS equipped HTML page. (Closes: #534949)
  * Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
    properly handle a '\0' character in a domain name in the Subject
    Alternative Name field of an X.509 certificate, which allows
    man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
    certificate issued by a legitimate Certification Authority (Closes: #546212)
-- Jonathan Riddell <email address hidden> Mon, 09 Nov 2009 17:43:28 +0000
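
The CVE-2009-2702 entry above concerns a '\0' inside a Subject Alternative Name. The C code below is an added example, not the kdelibs patch or KSSL code: it contrasts a C-string host name comparison with a length-aware one that rejects embedded '\0' bytes. struct san_name, the function names and the sample names are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A dNSName as parsed from a certificate: bytes plus an explicit length
 * (hypothetical struct, modelled on a length-prefixed ASN.1 string). */
struct san_name { const char *data; size_t len; };

/* ASCII case-insensitive comparison of exactly n bytes. */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed check: strlen() stops at the first '\0', so everything after it
 * in the certificate's name is never compared. */
int san_matches_naive(const struct san_name *san, const char *host)
{
    size_t n = strlen(san->data);
    return n == strlen(host) && ieq(san->data, host, n);
}

/* Length-aware check: reject any name with an embedded '\0', then require
 * the full encoded length to equal the expected host name. */
int san_matches_strict(const struct san_name *san, const char *host)
{
    if (san->len == 0 || memchr(san->data, '\0', san->len) != NULL)
        return 0;
    return san->len == strlen(host) && ieq(san->data, host, san->len);
}

/* Constructed sample names; .test and .invalid are reserved TLDs. */
static const char CRAFTED[] = "www.example.test\0.example.invalid";
const struct san_name crafted_san = { CRAFTED, sizeof(CRAFTED) - 1 };
const struct san_name honest_san  = { "www.example.test", 16 };

int main(void)
{
    const char *host = "www.example.test";
    printf("naive  crafted: %d\n", san_matches_naive(&crafted_san, host));
    printf("strict crafted: %d\n", san_matches_strict(&crafted_san, host));
    printf("strict honest : %d\n", san_matches_strict(&honest_san, host));
    return 0;
}
```

The same rule applies to any name taken from a certificate: compare using the encoded length, never the C-string length.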