lp:debian/lenny/kdelibs
- Get this branch:
- bzr branch lp:debian/lenny/kdelibs
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 18. By Moritz Muehlenhoff <email address hidden>
* Non-maintainer upload by the Security Team.
* CVE-2009-0689
- 17. By Giuseppe Iuculano
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
properly handle a '\0' character in a domain name in the Subject
Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority (Closes: #546212)
- 16. By Giuseppe Iuculano
* Non-maintainer upload.
* Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
overflow was found in the KDE implementation of garbage collector for the
JavaScript language (KJS).
* Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
the HTML page <head> element. A remote attacker could use this flaw to
cause a denial of service (konqueror crash) or, potentially, execute
arbitrary code, with the privileges of the user running "konqueror" web
browser, if the victim was tricked to open a specially-crafted HTML page.
(Closes: #534949)
* Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
handled content, forming the value of CSS "style" attribute. A remote
attacker could use this flaw to cause a denial of service (konqueror crash)
or potentially execute arbitrary code with the privileges of the user
running "konqueror" web browser, if the victim visited a specially-crafted
CSS equipped HTML page. (Closes: #534949)
- 15. By Debian Qt/KDE Maintainers <email address hidden>
+++ Changes by Ana Beatriz Guerrero Lopez:
* New upstream release.
- Most of the changes were already provided by the patches:
- 01_kdelibs_branch_r828883.diff
- 02_kate_regression_r777286.diff
- 03_start_kdeinit_integer_overflow.diff (provided for CVE-2008-1671)
- 05_kate_debianchangelog_default_context_r799980.diff
- 06_khtml_rendering_r786289.diff
that have been dropped now.
- New changes:
- Changes for showing KDE 3.5.10 instead of 3.5.9 in the KDE apps.
- Fix while saving sessions for multiple scripts. (KDE SVN r837226,
KDE bug 166598).
- Fix in kdeprint. (KDE SVN r848634)
- Avoid showing authentication-dialogue being put behind the application
window. (KDE SVN r849216, KDE bug 121803).
+++ Changes by Raúl Sánchez Siles:
* kdeprint: Wrong initscript name (cupsys instead of cups) (Closes:
#496110)
* Fixed 98_buildprep.patch so double compilation works.
* Fixed wrong http header parsing, added 61_httpheader_backport.diff
* Fixed wrong Google Maps rendering, added 62_fix_googlemaps_backport.diff
* Change dependencies from obsolete libcupsys2-dev to libcups2-dev.
* konqueror: Crash on eBay page (Closes: #502459) with recently added
63_fixed-layout-table.diff
- 14. By Ana Beatriz Guerrero López
Fix kdepart freeze with some replacements. (Closes: #482268)
Many thanks to Steve Cotton.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/squeeze/kdelibs