lp:ubuntu/hardy-security/kdelibs
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/kdelibs
Recent revisions
- 139. By Jamie Strandboge
  * SECURITY UPDATE: fix buffer overflow when converting string to
    float
    - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
      large field numbers in kjs/dtoa.cpp
    - CVE-2009-0689
  * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
    - Ark and KMail perform insufficient validation which leads to
      specially crafted archive files, using unknown MIME types, to be
      rendered using a KHTML instance, this can trigger uncontrolled
      XMLHTTPRequests to remote sites
    - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
      restricts xmlhttprequest to http protocols only
    - based on patch by Jonathan Riddell
    - http://www.kde.org/info/security/advisory-20091027-1.txt
    - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
    - CVE-2009-XXXX
- 138. By Jamie Strandboge
  * SECURITY UPDATE: fix vulnerability with NULL byte in Subject Alternate
    Names field of X.509 certificates
    - debian/patches/security_04_CVE-2009-2702.diff: verify that the
      QString length of the SAN is not shorter than the ASN1 length
    - CVE-2009-2702
- 137. By Marc Deslauriers
  * SECURITY UPDATE: arbitrary code execution via JavaScript garbage
    collector allocation failures
    - debian/patches/security_01_CVE-2009-1687.diff: make sure we don't
      overflow before doing the realloc in kjs/collector.cpp.
    - CVE-2009-1687
  * SECURITY UPDATE: arbitrary code execution via use-after-free
    - debian/patches/security_02_CVE-2009-1690.diff: use head.get() in
      khtml/html/htmlparser.cpp, and backport
      khtml/html/{AlwaysInline,htmlparser,Platform,RefPtr}.h.
    - CVE-2009-1690
  * SECURITY UPDATE: arbitrary code execution via CSS attr function call
    with a large numerical argument
    - debian/patches/security_03_CVE-2009-1698.diff: add extra checks to
      khtml/css/cssparser.cpp and implement CSSPrimitiveValue::CSS_ATTR in
      khtml/css/css_valueimpl.cpp.
    - CVE-2009-1698
- 135. By Jonathan Riddell
  * SECURITY UPDATE: integer overflow in start_kdeinit. The start_kdeinit
    processing of user-influenceable input is faulty. A local user
    might be able to send unix signals to other processes, cause
    a denial of service or even possibly execute arbitrary code.
  * Add kubuntu_9903_kinit_integer_overflow.diff, edits
    kinit/start_kdeinit.c, patch from upstream KDE
  * References
    http://www.kde.org/info/security/advisory-20080426-2.txt
    CVE-2008-1671
- 134. By Jonathan Riddell
  Update debian/patches/kubuntu_55_printer_sharing.diff to run
  system-config-printer-kde to let users enable printer sharing
  rather than the old cups settings scripts. Closes LP: #208381
- 133. By Guillaume Martres
  * Renamed kubuntu_99_system_config_printer_applet.diff to
    kubuntu_9901_system_config_printer_applet.diff
  * Added kubuntu_9902_kde4_kded_blacklist_modules.diff, don't autoload
    every kded module in KDE4, replace kubuntu_9924_kde4_no_medianotifier.diff
    from kdebase
- 132. By Jonathan Riddell
  Add kubuntu_99_system_config_printer_applet.diff, don't show
  printer applet if system-config-printer-applet-kde is installed
- 130. By Jonathan Riddell
  [ Jonathan Riddell ]
  * Add kubuntu_98_kate_paste_cursor.diff from upstream
    Fixes http://bugs.kde.org/158069 "wrong cursor possition after Paste"
  [ Anthony Mercatante ]
  * Fixed debian/rules, running msgcat for kdelibs.pot in
    common-install-prehook-impl target in order to proceed
    earlier for Rosetta pot file export.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/kdelibs