lp://staging/ubuntu/jaunty-security/kde4libs

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

128. By Jamie Strandboge on 2009-12-07

[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to float
  - debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
    numbers in kjs/dtoa.cpp
  - CVE-2009-0689

[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX

127. By Jamie Strandboge on 2009-09-15

* SECURITY UPDATE: fix vulnerability with NULL byte in Subject Alternate
  Names field of X.509 certificates
  - debian/patches/CVE-2009-2702.diff: verify that the QString length of the
    SAN is not shorter than the ASN1 length
  - CVE-2009-2702

126. By Marc Deslauriers on 2009-08-20

[ Jonathan Riddell ]
* Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
  overflow was found in the KDE implementation of garbage collector for the
  JavaScript language (KJS).
* Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
  the HTML page <head> element. A remote attacker could use this flaw to
  cause a denial of service (konqueror crash) or, potentially, execute
  arbitrary code, with the privileges of the user running "konqueror" web
  browser, if the victim was tricked to open a specially-crafted HTML page.
* Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
  handled content, forming the value of CSS "style" attribute. A remote
  attacker could use this flaw to cause a denial of service (konqueror crash)
  or potentially execute arbitrary code with the privileges of the user
  running "konqueror" web browser, if the victim visited a specially-crafted
  CSS equipped HTML page.

[ Marc Deslauriers ]
* SECURITY UPDATE: arbitrary code execution via document with SVGPathList
  data structure containing a negative index
  - debian/patches/CVE-2009-0945.diff: make sure index is sane in
    khtml/svg/SVGList.h.
  - CVE-2009-0945

125. By Jonathan Riddell on 2009-04-15

Fix kubuntu_56_langpacks_desktop_files.diff so it uses the stock
translation files, closes LP: #355814

124. By Jonathan Riddell on 2009-04-10

Add back an improved version of
kubuntu_69_do_not_show_plasma_popups_over_screensaver.diff from
Aurélien Gâteau, Closes LP: #354059
see also http://bugs.kde.org/show_bug.cgi?id=179924

123. By Jonathan Riddell on 2009-04-08

Add KUBUNTU_DESKTOP_POT

122. By Jonathan Riddell on 2009-04-07

Update kubuntu_56_langpacks_desktop_files.diff to work with KDE 4
and enable patch. Someone decided, post beta, to remove translations from
.desktop files, so let's hope this works.

121. By Andreas Wenning on 2009-04-01

[ Jonathan Thomas ]
* New upstream release (LP: #344709, #348823):
  - Bump upstreamversion and runtimedeps in debian/rules
  - Remove kubuntu_65_kcmdlineargs_decoding_svn934640.diff, applied upstream

[ Andreas Wenning ]
* Remove patch kubuntu_69_do_not_show_plasma_popups_over_screensaver.diff,
  applied upstream

120. By Jonathan Thomas on 2009-03-23

[ Jonathan Thomas ]
* Add kubuntu_68_oxygen_tabbar_text_hints.diff to fix text/icon overlap in
  arora tabs

[ Jonathan Riddell ]
* Add kubuntu_69_do_not_show_plasma_popups_over_screensaver.diff
  from Aurélien Gâteau, closes LP: #339902

119. By Jonathan Riddell on 2009-03-17

Add kubuntu_66_store_password_text.diff, simplify dialogue text