[ubuntu/lucid] kdelibs 4:3.5.10.dfsg.1-2.1ubuntu1 (Accepted)

Jonathan Riddell jriddell at ubuntu.com
Tue Nov 10 01:35:16 GMT 2009 

kdelibs (4:3.5.10.dfsg.1-2.1ubuntu1) lucid; urgency=low

  * Merge with Debian, remaining changes
   - make sure control and control.in are in sync
   - --with-distribution="Kubuntu (`lsb_release --codename --short`) $(DEB_VERSION)"
   - binary-install/kdelibs-data installs aboutkde-kubuntu.png.uu and cr*-device-system.png.uu
   - don't build-dep on libgamin-dev, libfam-dev
   - stop kdelibs4-dev depending on gamin/fam
   - don't install .svgz icons, docs or all_languages in kdelibs-data.install
   - rosetta support in rules common-install-prehook-impl:: [and common-post-build-arch:: ?] and include debian/kubuntu-desktop-i18n/
   - build-dep on: gettext-kde, kdesdk-scripts, lsb-release, base-files, sudo
   - cdbs build-dep 0.4.41ubuntu2
   - kdelibs4-dev depends on gettext-kde, kdesdk-scripts
   - copy debian/icons over
   - Make kdelibs4c2a depend on launchpad-integration, sudo.  Recommends on xdg-user-dirs
   - Remove 19_debianize_useragent.diff (changed to kubuntu_19_debianize_useragent.diff) s/Debian/Kubuntu
   - remove kdelibs4c2a depends on menu-xdg
   - include kubuntu_01_kdepot.diff and kde.pot in debian/patches/common
   - use a local copy of kde.mk without the common-install-prehook-impl:: rule; edit debian-qt-kde.mk to include debian/cdbs/kde.mk
   - build with --with-sudo-kdesu-backend and build-dep on sudo and make kdelibs4c2a depend on sudo
   - kdelibs-data.install : Add nzb mimetype
   - Make kdelibs4-dev replace more recent kdelibs4c2a for overlapping files
   - remove /usr/bin/preparetips, arts files and ksvntopng from kdelibs4-dev.install
   - Drop the package kdelibs4-doc completely. It contained API documentation  which is now obsolete, but still available via api.kde.org.
   - make sure control and control.in are in sync
   - in debian/rule remove .pot files outside .po directory
   - 97_automake_cleanup.diff becomes kubuntu_97_automake_cleanup.diff

kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high

  * Non-maintainer upload by the testing Security Team.
  * Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
    overflow was found in the KDE implementation of garbage collector for the
    JavaScript language (KJS).
  * Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
    the HTML page <head> element. A remote attacker could use this flaw to
    cause a denial of service (konqueror crash) or, potentially, execute
    arbitrary code, with the privileges of the user running "konqueror" web
    browser, if the victim was tricked to open a specially-crafted HTML page.
    (Closes: #534949)
  * Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
    handled content, forming the value of CSS "style" attribute. A remote
    attacker could use this flaw to cause a denial of service (konqueror crash)
    or potentially execute arbitrary code with the privileges of the user
    running "konqueror" web browser, if the victim visited a specially-crafted
    CSS equipped HTML page. (Closes: #534949)
  * Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
    properly handle a '\0' character in a domain name in the Subject
    Alternative Name field of an X.509 certificate, which allows
    man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
    certificate issued by a legitimate Certification Authority (Closes: #546212)

Date: Mon, 09 Nov 2009 17:43:28 +0000
Changed-By: Jonathan Riddell <jriddell at ubuntu.com>
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/kdelibs/4:3.5.10.dfsg.1-2.1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 09 Nov 2009 17:43:28 +0000
Source: kdelibs
Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs-dbg
Architecture: source
Version: 4:3.5.10.dfsg.1-2.1ubuntu1
Distribution: lucid
Urgency: high
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
Changed-By: Jonathan Riddell <jriddell at ubuntu.com>
Description: 
 kdelibs    - core libraries from the official KDE release
 kdelibs-data - core shared data for all KDE applications
 kdelibs-dbg - debugging symbols for kdelibs
 kdelibs4-dev - development files for the KDE core libraries
 kdelibs4c2a - core libraries and binaries for all KDE applications
Closes: 534949 534949 546212
Changes: 
 kdelibs (4:3.5.10.dfsg.1-2.1ubuntu1) lucid; urgency=low
 .
   * Merge with Debian, remaining changes
    - make sure control and control.in are in sync
    - --with-distribution="Kubuntu (`lsb_release --codename --short`) $(DEB_VERSION)"
    - binary-install/kdelibs-data installs aboutkde-kubuntu.png.uu and cr*-device-system.png.uu
    - don't build-dep on libgamin-dev, libfam-dev
    - stop kdelibs4-dev depending on gamin/fam
    - don't install .svgz icons, docs or all_languages in kdelibs-data.install
    - rosetta support in rules common-install-prehook-impl:: [and common-post-build-arch:: ?] and include debian/kubuntu-desktop-i18n/
    - build-dep on: gettext-kde, kdesdk-scripts, lsb-release, base-files, sudo
    - cdbs build-dep 0.4.41ubuntu2
    - kdelibs4-dev depends on gettext-kde, kdesdk-scripts
    - copy debian/icons over
    - Make kdelibs4c2a depend on launchpad-integration, sudo.  Recommends on xdg-user-dirs
    - Remove 19_debianize_useragent.diff (changed to kubuntu_19_debianize_useragent.diff) s/Debian/Kubuntu
    - remove kdelibs4c2a depends on menu-xdg
    - include kubuntu_01_kdepot.diff and kde.pot in debian/patches/common
    - use a local copy of kde.mk without the common-install-prehook-impl:: rule; edit debian-qt-kde.mk to include debian/cdbs/kde.mk
    - build with --with-sudo-kdesu-backend and build-dep on sudo and make kdelibs4c2a depend on sudo
    - kdelibs-data.install : Add nzb mimetype
    - Make kdelibs4-dev replace more recent kdelibs4c2a for overlapping files
    - remove /usr/bin/preparetips, arts files and ksvntopng from kdelibs4-dev.install
    - Drop the package kdelibs4-doc completely. It contained API documentation  which is now obsolete, but still available via api.kde.org.
    - make sure control and control.in are in sync
    - in debian/rule remove .pot files outside .po directory
    - 97_automake_cleanup.diff becomes kubuntu_97_automake_cleanup.diff
 .
 kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by the testing Security Team.
   * Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
     overflow was found in the KDE implementation of garbage collector for the
     JavaScript language (KJS).
   * Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
     the HTML page <head> element. A remote attacker could use this flaw to
     cause a denial of service (konqueror crash) or, potentially, execute
     arbitrary code, with the privileges of the user running "konqueror" web
     browser, if the victim was tricked to open a specially-crafted HTML page.
     (Closes: #534949)
   * Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
     handled content, forming the value of CSS "style" attribute. A remote
     attacker could use this flaw to cause a denial of service (konqueror crash)
     or potentially execute arbitrary code with the privileges of the user
     running "konqueror" web browser, if the victim visited a specially-crafted
     CSS equipped HTML page. (Closes: #534949)
   * Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
     properly handle a '\0' character in a domain name in the Subject
     Alternative Name field of an X.509 certificate, which allows
     man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
     certificate issued by a legitimate Certification Authority (Closes: #546212)
Checksums-Sha1: 
 dbc31885467d3e4e6e9bad0c1f086dcb3b7f3dac 2342 kdelibs_3.5.10.dfsg.1-2.1ubuntu1.dsc
 0015e31a1045fb6a243598e8104f1b3cbfe68774 798557 kdelibs_3.5.10.dfsg.1-2.1ubuntu1.diff.gz
Checksums-Sha256: 
 a09dd65ef4cd1f28aa1b6105683fe3ac559d3d25c7bdfa7899ec4346aea4833c 2342 kdelibs_3.5.10.dfsg.1-2.1ubuntu1.dsc
 5f3469ff82500e4636628822c5f0f270b9c81537b7adf5c4b1366739f2399a76 798557 kdelibs_3.5.10.dfsg.1-2.1ubuntu1.diff.gz
Files: 
 576a248a5db7edd6d1ba0726becb6b94 2342 libs optional kdelibs_3.5.10.dfsg.1-2.1ubuntu1.dsc
 d5c73bc9585a11f2673304f9f714957b 798557 libs optional kdelibs_3.5.10.dfsg.1-2.1ubuntu1.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkr4wR8ACgkQpQbm1N1NUIjbQQCg4Wzj6TrusalKRG0E6G6LaiMq
K2cAoLNKGc8+/z8XIB3dAMgzJYj2jT3l
=y7mw
-----END PGP SIGNATURE-----

More information about the Lucid-changes mailing list