Created by James Westby on 2010-02-22 and last modified on 2010-02-22
Get this branch:
bzr branch lp:debian/lenny/kdelibs

Recent revisions

18. By Moritz Muehlenhoff <email address hidden> on 2010-02-07

* Non-maintainer upload by the Security Team.
* CVE-2009-0689

17. By Giuseppe Iuculano on 2009-10-15

* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
  properly handle a '\0' character in a domain name in the Subject
  Alternative Name field of an X.509 certificate, which allows
  man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
  certificate issued by a legitimate Certification Authority (Closes: #546212)

16. By Giuseppe Iuculano on 2009-08-09

* Non-maintainer upload.
* Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
  overflow was found in the KDE implementation of garbage collector for the
  JavaScript language (KJS).
* Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
  the HTML page <head> element. A remote attacker could use this flaw to
  cause a denial of service (konqueror crash) or, potentially, execute
  arbitrary code, with the privileges of the user running "konqueror" web
  browser, if the victim was tricked to open a specially-crafted HTML page.
  (Closes: #534949)
* Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
  handled content, forming the value of CSS "style" attribute. A remote
  attacker could use this flaw to cause a denial of service (konqueror crash)
  or potentially execute arbitrary code with the privileges of the user
  running "konqueror" web browser, if the victim visited a specially-crafted
  CSS equipped HTML page. (Closes: #534949)

15. By Debian Qt/KDE Maintainers <email address hidden> on 2008-11-21

+++ Changes by Ana Beatriz Guerrero Lopez:

* New upstream release.
  - Most of the changes were already provided by the patches:
    - 01_kdelibs_branch_r828883.diff
    - 02_kate_regression_r777286.diff
    - 03_start_kdeinit_integer_overflow.diff (provided for CVE-2008-1671)
    - 05_kate_debianchangelog_default_context_r799980.diff
    - 06_khtml_rendering_r786289.diff
  that have been dropped now.
  - New changes:
    - Changes for showing KDE 3.5.10 instead of 3.5.9 in the KDE apps.
    - Fix while saving sessions for multiple scripts. (KDE SVN r837226,
      KDE bug 166598).
    - Fix in kdeprint. (KDE SVN r848634)
    - Avoid showing authentication-dialogue being put behind the application
      window. (KDE SVN r849216, KDE bug 121803).

+++ Changes by Raúl Sánchez Siles:

* kdeprint: Wrong initscript name (cupsys instead of cups) (Closes:
* Fixed 98_buildprep.patch so double compilation works.
* Fixed wrong http header parsing, added 61_httpheader_backport.diff
* Fixed wrong Google Maps rendering, added 62_fix_googlemaps_backport.diff
* Change dependencies from obsolete libcupsys2-dev to libcups2-dev.
* konqueror: Crash on eBay page (Closes: #502459) with recently added

14. By Ana Beatriz Guerrero López on 2008-07-08

Fix kdepart freeze with some replacements. (Closes: #482268)
Many thanks to Steve Cotton.

13. By Richard Birnie on 2008-05-01

Import upstream version 3.5.9.dfsg.1

12. By Jonathan Riddell on 2008-02-14

Import upstream version 3.5.9

11. By Jonathan Riddell on 2007-10-09

Import upstream version 3.5.8

10. By Sarah Kowalik on 2007-05-21

Import upstream version 3.5.7

9. By Jonathan Riddell on 2007-01-17

Import upstream version 3.5.6

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)