lp://staging/ubuntu/intrepid-security/kde4libs
- Get this branch:
- bzr branch lp://staging/ubuntu/intrepid-security/kde4libs
Branch merges
Related source package recipes
Branch information
Recent revisions
- 96. By Jamie Strandboge
-
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to float
- debian/patches/ CVE-2009- 0689.diff: adjust Kmax to handle large field
numbers in kjs/dtoa.cpp
- CVE-2009-0689[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/ security_ 02_XMLHttpReque st_vulnerabilit y.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde. org/info/ security/ advisory- 20091027- 1.txt
- oCert: #2009-015 http://www.ocert. org/advisories/ ocert-2009- 015.html
- CVE-2009-XXXX
* SECURITY UPDATE: kio help URL validation
- the 'help://' protocol handler suffer from directory traversal.
- Add debian/patches/ security_ 03_kioslave_ input_validatio n.diff to
verify the URL
- http://www.kde. org/info/ security/ advisory- 20091027- 1.txt
- oCert: #2009-015 http://www.ocert. org/advisories/ ocert-2009- 015.html
- CVE-2009-XXXX - 95. By Jamie Strandboge
-
* SECURITY UPDATE: fix vulnerability with NULL byte in Subject Alternate
Names field of X.509 certificates
- debian/patches/ CVE-2009- 2702.diff: verify that the
QString length of the SAN is not shorter than the ASN1 length
- CVE-2009-2702 - 94. By Jonathan Riddell
-
* Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
overflow was found in the KDE implementation of garbage collector for the
JavaScript language (KJS).
* Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
the HTML page <head> element. A remote attacker could use this flaw to
cause a denial of service (konqueror crash) or, potentially, execute
arbitrary code, with the privileges of the user running "konqueror" web
browser, if the victim was tricked to open a specially-crafted HTML page.
* Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
handled content, forming the value of CSS "style" attribute. A remote
attacker could use this flaw to cause a denial of service (konqueror crash)
or potentially execute arbitrary code with the privileges of the user
running "konqueror" web browser, if the victim visited a specially-crafted
CSS equipped HTML page. - 92. By Harald Sitter
-
* Remove 12_deprecate_
applnk. diff, it was the cause of all the problems with
non-kde4 applications we had (broken icons, duplicated entries etc.)
(LP: #254688, #268800)
* Add kubuntu_11_fix_ openwithdialog. diff to increase reliability of
kopenwithdialog. Without the patch it creates KService objects using
findByName, which is wrong whenever there is a non-application service
type with the same name as the application (e.g. Kontact and kontactconfig) - 91. By Harald Sitter
-
[ Roderick B. Greening ]
* Add dep for launchpad-integration to kdelibs5 (LP: #283834) [ Harald Sitter ]
* Fix localization icon in launchpad-integration patch
* Add kubuntu_10_fix_ kio_protocol_ mismatch. diff fixing a bug where dolphin
was crashing upon leaving an archive due to a protocol mismatch - 89. By Jonathan Riddell
-
Add kubuntu_
01_no_translate _pc_dir. diff, don't include quilt's
.pc directory in generated .pot files - 88. By Harald Sitter
-
* Add kubuntu_
09_fix_ application_ menu.diff from KDE trunk (LP: #230467)
* quilt refresh
* Reorder patches according to their numbers
* Remove accidently added junk
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/lucid/kde4libs
