[ubuntu/lucid] kdelibs 4:3.5.10.dfsg.1-2.1ubuntu1 (Accepted)
Jonathan Riddell
jriddell at ubuntu.com
Tue Nov 10 01:35:16 GMT 2009
kdelibs (4:3.5.10.dfsg.1-2.1ubuntu1) lucid; urgency=low
* Merge with Debian, remaining changes
- make sure control and control.in are in sync
- --with-distribution="Kubuntu (`lsb_release --codename --short`) $(DEB_VERSION)"
- binary-install/kdelibs-data installs aboutkde-kubuntu.png.uu and cr*-device-system.png.uu
- don't build-dep on libgamin-dev, libfam-dev
- stop kdelibs4-dev depending on gamin/fam
- don't install .svgz icons, docs or all_languages in kdelibs-data.install
- rosetta support in rules common-install-prehook-impl:: [and common-post-build-arch:: ?] and include debian/kubuntu-desktop-i18n/
- build-dep on: gettext-kde, kdesdk-scripts, lsb-release, base-files, sudo
- cdbs build-dep 0.4.41ubuntu2
- kdelibs4-dev depends on gettext-kde, kdesdk-scripts
- copy debian/icons over
- Make kdelibs4c2a depend on launchpad-integration, sudo. Recommends on xdg-user-dirs
- Remove 19_debianize_useragent.diff (changed to kubuntu_19_debianize_useragent.diff) s/Debian/Kubuntu
- remove kdelibs4c2a depends on menu-xdg
- include kubuntu_01_kdepot.diff and kde.pot in debian/patches/common
- use a local copy of kde.mk without the common-install-prehook-impl:: rule; edit debian-qt-kde.mk to include debian/cdbs/kde.mk
- build with --with-sudo-kdesu-backend and build-dep on sudo and make kdelibs4c2a depend on sudo
- kdelibs-data.install : Add nzb mimetype
- Make kdelibs4-dev replace more recent kdelibs4c2a for overlapping files
- remove /usr/bin/preparetips, arts files and ksvntopng from kdelibs4-dev.install
- Drop the package kdelibs4-doc completely. It contained API documentation which is now obsolete, but still available via api.kde.org.
- make sure control and control.in are in sync
- in debian/rule remove .pot files outside .po directory
- 97_automake_cleanup.diff becomes kubuntu_97_automake_cleanup.diff
kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high
* Non-maintainer upload by the testing Security Team.
* Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
overflow was found in the KDE implementation of garbage collector for the
JavaScript language (KJS).
* Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
the HTML page <head> element. A remote attacker could use this flaw to
cause a denial of service (konqueror crash) or, potentially, execute
arbitrary code, with the privileges of the user running "konqueror" web
browser, if the victim was tricked to open a specially-crafted HTML page.
(Closes: #534949)
* Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
handled content, forming the value of CSS "style" attribute. A remote
attacker could use this flaw to cause a denial of service (konqueror crash)
or potentially execute arbitrary code with the privileges of the user
running "konqueror" web browser, if the victim visited a specially-crafted
CSS equipped HTML page. (Closes: #534949)
* Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
properly handle a '\0' character in a domain name in the Subject
Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority (Closes: #546212)
Date: Mon, 09 Nov 2009 17:43:28 +0000
Changed-By: Jonathan Riddell <jriddell at ubuntu.com>
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/kdelibs/4:3.5.10.dfsg.1-2.1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 09 Nov 2009 17:43:28 +0000
Source: kdelibs
Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs-dbg
Architecture: source
Version: 4:3.5.10.dfsg.1-2.1ubuntu1
Distribution: lucid
Urgency: high
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
Changed-By: Jonathan Riddell <jriddell at ubuntu.com>
Description:
kdelibs - core libraries from the official KDE release
kdelibs-data - core shared data for all KDE applications
kdelibs-dbg - debugging symbols for kdelibs
kdelibs4-dev - development files for the KDE core libraries
kdelibs4c2a - core libraries and binaries for all KDE applications
Closes: 534949 534949 546212
Changes:
kdelibs (4:3.5.10.dfsg.1-2.1ubuntu1) lucid; urgency=low
.
* Merge with Debian, remaining changes
- make sure control and control.in are in sync
- --with-distribution="Kubuntu (`lsb_release --codename --short`) $(DEB_VERSION)"
- binary-install/kdelibs-data installs aboutkde-kubuntu.png.uu and cr*-device-system.png.uu
- don't build-dep on libgamin-dev, libfam-dev
- stop kdelibs4-dev depending on gamin/fam
- don't install .svgz icons, docs or all_languages in kdelibs-data.install
- rosetta support in rules common-install-prehook-impl:: [and common-post-build-arch:: ?] and include debian/kubuntu-desktop-i18n/
- build-dep on: gettext-kde, kdesdk-scripts, lsb-release, base-files, sudo
- cdbs build-dep 0.4.41ubuntu2
- kdelibs4-dev depends on gettext-kde, kdesdk-scripts
- copy debian/icons over
- Make kdelibs4c2a depend on launchpad-integration, sudo. Recommends on xdg-user-dirs
- Remove 19_debianize_useragent.diff (changed to kubuntu_19_debianize_useragent.diff) s/Debian/Kubuntu
- remove kdelibs4c2a depends on menu-xdg
- include kubuntu_01_kdepot.diff and kde.pot in debian/patches/common
- use a local copy of kde.mk without the common-install-prehook-impl:: rule; edit debian-qt-kde.mk to include debian/cdbs/kde.mk
- build with --with-sudo-kdesu-backend and build-dep on sudo and make kdelibs4c2a depend on sudo
- kdelibs-data.install : Add nzb mimetype
- Make kdelibs4-dev replace more recent kdelibs4c2a for overlapping files
- remove /usr/bin/preparetips, arts files and ksvntopng from kdelibs4-dev.install
- Drop the package kdelibs4-doc completely. It contained API documentation which is now obsolete, but still available via api.kde.org.
- make sure control and control.in are in sync
- in debian/rule remove .pot files outside .po directory
- 97_automake_cleanup.diff becomes kubuntu_97_automake_cleanup.diff
.
kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high
.
* Non-maintainer upload by the testing Security Team.
* Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
overflow was found in the KDE implementation of garbage collector for the
JavaScript language (KJS).
* Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
the HTML page <head> element. A remote attacker could use this flaw to
cause a denial of service (konqueror crash) or, potentially, execute
arbitrary code, with the privileges of the user running "konqueror" web
browser, if the victim was tricked to open a specially-crafted HTML page.
(Closes: #534949)
* Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
handled content, forming the value of CSS "style" attribute. A remote
attacker could use this flaw to cause a denial of service (konqueror crash)
or potentially execute arbitrary code with the privileges of the user
running "konqueror" web browser, if the victim visited a specially-crafted
CSS equipped HTML page. (Closes: #534949)
* Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
properly handle a '\0' character in a domain name in the Subject
Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority (Closes: #546212)
Checksums-Sha1:
dbc31885467d3e4e6e9bad0c1f086dcb3b7f3dac 2342 kdelibs_3.5.10.dfsg.1-2.1ubuntu1.dsc
0015e31a1045fb6a243598e8104f1b3cbfe68774 798557 kdelibs_3.5.10.dfsg.1-2.1ubuntu1.diff.gz
Checksums-Sha256:
a09dd65ef4cd1f28aa1b6105683fe3ac559d3d25c7bdfa7899ec4346aea4833c 2342 kdelibs_3.5.10.dfsg.1-2.1ubuntu1.dsc
5f3469ff82500e4636628822c5f0f270b9c81537b7adf5c4b1366739f2399a76 798557 kdelibs_3.5.10.dfsg.1-2.1ubuntu1.diff.gz
Files:
576a248a5db7edd6d1ba0726becb6b94 2342 libs optional kdelibs_3.5.10.dfsg.1-2.1ubuntu1.dsc
d5c73bc9585a11f2673304f9f714957b 798557 libs optional kdelibs_3.5.10.dfsg.1-2.1ubuntu1.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkr4wR8ACgkQpQbm1N1NUIjbQQCg4Wzj6TrusalKRG0E6G6LaiMq
K2cAoLNKGc8+/z8XIB3dAMgzJYj2jT3l
=y7mw
-----END PGP SIGNATURE-----
More information about the Lucid-changes
mailing list