Branches for Intrepid

Author: Harald Sitter
Revision Date: 2008-10-18 03:14:56 UTC

* Remove 12_deprecate_applnk.diff, it was the cause of all the problems with
  non-kde4 applications we had (broken icons, duplicated entries etc.)
  (LP: #254688, #268800)
* Add kubuntu_11_fix_openwithdialog.diff to increase reliability of
  kopenwithdialog. Without the patch it creates KService objects using
  findByName, which is wrong whenever there is a non-application service
  type with the same name as the application (e.g. Kontact and kontactconfig)

Author: Jonathan Thomas
Revision Date: 2009-04-28 21:21:41 UTC

Update kubuntu_69_do_not_show_plasma_popups_over_screensaver.diff so
that Plasma PopupDialogs don't get broken

Author: Harald Sitter
Revision Date: 2009-01-07 15:29:18 UTC

* New upstream release
* Update kubuntu_06_user_disk_mounting.diff
* Remove (applied upstream):
  - kubuntu_12_http_cache_cleaner.diff
  - kubuntu_09_fix_application_menu.diff
  - kubuntu_12_khtmlimagepart_linking.diff

Author: Jamie Strandboge
Revision Date: 2009-12-07 15:23:45 UTC

[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to float
  - debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
    numbers in kjs/dtoa.cpp
  - CVE-2009-0689

[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX
 * SECURITY UPDATE: kio help URL validation
  - the 'help://' protocol handler suffer from directory traversal.
  - Add debian/patches/security_03_kioslave_input_validation.diff to
    verify the URL
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX

Author: Jamie Strandboge
Revision Date: 2009-12-07 15:23:45 UTC

[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to float
  - debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
    numbers in kjs/dtoa.cpp
  - CVE-2009-0689

[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX
 * SECURITY UPDATE: kio help URL validation
  - the 'help://' protocol handler suffer from directory traversal.
  - Add debian/patches/security_03_kioslave_input_validation.diff to
    verify the URL
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX