lp:ubuntu/hardy-security/kdelibs

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/kdelibs

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

139. By Jamie Strandboge

* SECURITY UPDATE: fix buffer overflow when converting string to
  float
  - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
    large field numbers in kjs/dtoa.cpp
  - CVE-2009-0689
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail perform insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - based on patch by Jonathan Riddell
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX

138. By Jamie Strandboge

* SECURITY UPDATE: fix vulnerability with NULL byte in Subject Alternate
  Names field of X.509 certificates
  - debian/patches/security_04_CVE-2009-2702.diff: verify that the
    QString length of the SAN is not shorter than the ASN1 length
  - CVE-2009-2702

137. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via JavaScript garbage
  collector allocation failures
  - debian/patches/security_01_CVE-2009-1687.diff: make sure we don't
    overflow before doing the realloc in kjs/collector.cpp.
  - CVE-2009-1687
* SECURITY UPDATE: arbitrary code execution via use-after-free
  - debian/patches/security_02_CVE-2009-1690.diff: use head.get() in
    khtml/html/htmlparser.cpp, and backport khtml/html/{AlwaysInline,
    htmlparser,Platform,RefPtr}.h.
  - CVE-2009-1690
* SECURITY UPDATE: arbitrary code execution via CSS attr function call
  with a large numerical argument
  - debian/patches/security_03_CVE-2009-1698.diff: add extra checks to
    khtml/css/cssparser.cpp and implement CSSPrimitiveValue::CSS_ATTR in
    khtml/css/css_valueimpl.cpp.
  - CVE-2009-1698

136. By Jamie Strandboge

No change rebuild to satisfy build dependency for kdepim security update

135. By Jonathan Riddell

* SECURITY UPDATE: integer overflow in start_kdeinit. The start_kdeinit
  processing of user-influenceable input is faulty. A local user
  might be able to send unix signals to other processes, cause
  a denial of service or even possibly execute arbitrary code.
* Add kubuntu_9903_kinit_integer_overflow.diff, edits
  kinit/start_kdeinit.c, patch from upstream KDE
* References
  http://www.kde.org/info/security/advisory-20080426-2.txt
  CVE-2008-1671

134. By Jonathan Riddell

Update debian/patches/kubuntu_55_printer_sharing.diff to run
system-config-printer-kde to let users enable printer sharing
rather than the old cups settings scripts. Closes LP: #208381

133. By Guillaume Martres

* Renamed kubuntu_99_system_config_printer_applet.diff to
  kubuntu_9901_system_config_printer_applet.diff
* Added kubuntu_9902_kde4_kded_blacklist_modules.diff, don't autoload
  every kded module in KDE4, replace kubuntu_9924_kde4_no_medianotifier.diff
  from kdebase

132. By Jonathan Riddell

Add kubuntu_99_system_config_printer_applet.diff, don't show
printer applet if system-config-printer-applet-kde is installed

131. By Anthony Mercatante

Fixed debian/rules, msgcat keeps the first headers only.

130. By Jonathan Riddell

[ Jonathan Riddell ]
* Add kubuntu_98_kate_paste_cursor.diff from upstream
  Fixes http://bugs.kde.org/158069 "wrong cursor position after Paste"

[ Anthony Mercatante ]
* Fixed debian/rules, running msgcat for kdelibs.pot in
  common-install-prehook-impl target in order to proceed
  earlier for Rosetta pot file export.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/kdelibs