Change logs for kdelibs source package in Karmic

  • kdelibs (4:3.5.10.dfsg.1-2ubuntu7.2) karmic-security; urgency=low
    
      [ Jamie Strandboge ]
      * SECURITY UPDATE: fix buffer overflow when converting string to
        float
        - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
          large field numbers in kjs/dtoa.cpp
        - CVE-2009-0689
    
      [ Jonathan Riddell ]
      * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
        - Ark and KMail perform insufficient validation which leads to
          specially crafted archive files, using unknown MIME types, to be
          rendered using a KHTML instance; this can trigger uncontrolled
          XMLHTTPRequests to remote sites
        - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
          restricts xmlhttprequest to http protocols only
        - http://www.kde.org/info/security/advisory-20091027-1.txt
        - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
        - CVE-2009-XXXX
     -- Jamie Strandboge <email address hidden>   Mon, 07 Dec 2009 15:14:25 -0600
  • kdelibs (4:3.5.10.dfsg.1-2ubuntu7) karmic; urgency=low
    
      * Move the pot removal to common-binary-predeb-indep so it does not
        cause mid-build break, also prevent it from removing pot files that reside
        in ./debian/, to prevent dh_install from failing (LP: #432378)
    
     -- Harald Sitter <email address hidden>   Sat, 19 Sep 2009 00:02:34 +0200
  • kdelibs (4:3.5.10.dfsg.1-2ubuntu6) karmic; urgency=low
    
      * Nuke all the pots outside the po directory. qt-messages.pot is getting
        merged into the main kdelibs.pot but the fancy importer app thinks that
        it is a good idea to import all pots to be found anywhere within the
        source tree. Thus it also imports qt-messages.pot which is then duplicated
        with kdelibs.pot (also imported obviously). qt-messages.pot should also be
        removed from LP (LP: #432378)
    
     -- Harald Sitter <email address hidden>   Fri, 18 Sep 2009 23:04:42 +0200
  • kdelibs (4:3.5.10.dfsg.1-2ubuntu5) karmic; urgency=low
    
      * SECURITY UPDATE: fix vulnerability with NULL byte in Subject Alternate
        Names field of X.509 certificates
        - debian/patches/security_04_CVE-2009-2702.diff: verify that the
          QString length of the SAN is not shorter than the ASN1 length
        - CVE-2009-2702
      * kubuntu_glibc_2.8_ftbfs.diff: fix FTBFS when using gcc 4.4 or higher
      * Following patches forward ported from http://www.ubuntu.com/usn/USN-822-1
        (by Marc Deslauriers)
      * SECURITY UPDATE: arbitrary code execution via JavaScript garbage
        collector allocation failures
        - debian/patches/security_01_CVE-2009-1687.diff: make sure we don't
          overflow before doing the realloc in kjs/collector.cpp.
        - CVE-2009-1687
      * SECURITY UPDATE: arbitrary code execution via use-after-free
        - debian/patches/security_02_CVE-2009-1690.diff: use head.get() in
          khtml/html/htmlparser.cpp, and backport khtml/html/{AlwaysInline,
          htmlparser,Platform,RefPtr}.h.
        - CVE-2009-1690
      * SECURITY UPDATE: arbitrary code execution via CSS attr function call
        with a large numerical argument
        - debian/patches/security_03_CVE-2009-1698.diff: add extra checks to
          khtml/css/cssparser.cpp and implement CSSPrimitiveValue::CSS_ATTR in
          khtml/css/css_valueimpl.cpp.
        - CVE-2009-1698
    
     -- Jamie Strandboge <email address hidden>   Tue, 15 Sep 2009 14:38:04 -0500
  • kdelibs (4:3.5.10.dfsg.1-2ubuntu4) karmic; urgency=low
    
      * Add build-dep on pkg-kde-tools so we have /usr/bin/extract* and the
        package will build
    
     -- Scott Kitterman <email address hidden>   Mon, 27 Jul 2009 13:55:47 -0400
  • kdelibs (4:3.5.10.dfsg.1-2ubuntu3) karmic; urgency=low
    
      * Ensure patches apply
    
     -- Jonathan Riddell <email address hidden>   Mon, 25 May 2009 12:02:32 +0100
  • kdelibs (4:3.5.10.dfsg.1-2ubuntu2) karmic; urgency=low
    
      * Do not install usr/share/locale/all_languages and add depends on
        kdelibs5-data, Closes LP: #374248
    
     -- Jonathan Riddell <email address hidden>   Mon, 25 May 2009 11:27:40 +0100
  • kdelibs (4:3.5.10.dfsg.1-2ubuntu1) karmic; urgency=low
    
      * Merge with Debian, remaining changes in KUBUNTU-DEBIAN-CHANGES
      * Don't add 64_use_sys_inotify.diff, we already have kubuntu_glibc_2.8_ftbfs.diff
    
    kdelibs (4:3.5.10.dfsg.1-2) unstable; urgency=low
    
      * Add 64_use_sys_inotify.diff patch to fix ftbfs caused by linux/inotify.
        (Closes: #519881)
    
     -- Jonathan Riddell <email address hidden>   Thu, 30 Apr 2009 12:49:44 +0000
  • kdelibs (4:3.5.10.dfsg.1-1ubuntu8) jaunty; urgency=low
    
      * Don't build with arts support (LP: #320915)
      * Don't build apidox. We don't install them anyway
    
     -- Harald Sitter <email address hidden>   Sat, 24 Jan 2009 20:28:13 +0100