Back to kdelibs PTS page

Accepted kdelibs 4:3.5.10.dfsg.1-2.1 (source all i386)

To: debian-devel-changes@lists.debian.org
Subject: Accepted kdelibs 4:3.5.10.dfsg.1-2.1 (source all i386)
From: Giuseppe Iuculano <iuculano@debian.org>
Date: Wed, 14 Oct 2009 10:20:35 +0000
Message-id: <E1My0yB-0001Uq-Ow@ries.debian.org>
Sender: Archive Administrator <dak@ries.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 14 Oct 2009 09:57:26 +0200
Source: kdelibs
Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs4-doc kdelibs-dbg
Architecture: source all i386
Version: 4:3.5.10.dfsg.1-2.1
Distribution: unstable
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description: 
 kdelibs    - core libraries from the official KDE release
 kdelibs-data - core shared data for all KDE applications
 kdelibs-dbg - debugging symbols for kdelibs
 kdelibs4-dev - development files for the KDE core libraries
 kdelibs4-doc - developer documentation for the KDE core libraries
 kdelibs4c2a - core libraries and binaries for all KDE applications
Closes: 534949 534949 546212
Changes: 
 kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by the testing Security Team.
   * Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
     overflow was found in the KDE implementation of garbage collector for the
     JavaScript language (KJS).
   * Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
     the HTML page <head> element. A remote attacker could use this flaw to
     cause a denial of service (konqueror crash) or, potentially, execute
     arbitrary code, with the privileges of the user running "konqueror" web
     browser, if the victim was tricked to open a specially-crafted HTML page.
     (Closes: #534949)
   * Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
     handled content, forming the value of CSS "style" attribute. A remote
     attacker could use this flaw to cause a denial of service (konqueror crash)
     or potentially execute arbitrary code with the privileges of the user
     running "konqueror" web browser, if the victim visited a specially-crafted
     CSS equipped HTML page. (Closes: #534949)
   * Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
     properly handle a '\0' character in a domain name in the Subject
     Alternative Name field of an X.509 certificate, which allows
     man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
     certificate issued by a legitimate Certification Authority (Closes: #546212)
Checksums-Sha1: 
 504fd9e9dd1ffbbda2b654ad681ba3388ee6c14e 2230 kdelibs_3.5.10.dfsg.1-2.1.dsc
 d12ff23264c4d4c78835e3389fd8cbdf662dcccc 657806 kdelibs_3.5.10.dfsg.1-2.1.diff.gz
 2bf9237e425be86e35661d494abf236808c2d41a 30134 kdelibs_3.5.10.dfsg.1-2.1_all.deb
 3bf227f539914b357886aa7345ede1df3d751731 8718404 kdelibs-data_3.5.10.dfsg.1-2.1_all.deb
 0981d0e43afee520bf2f9fe73298ba646a5178d0 26876690 kdelibs4-doc_3.5.10.dfsg.1-2.1_all.deb
 72da39a38c3f0c7d8389ab067d67c50fff71fa47 10306148 kdelibs4c2a_3.5.10.dfsg.1-2.1_i386.deb
 0fb0f0067556a75f01da4c57113fe541a10153cf 1441552 kdelibs4-dev_3.5.10.dfsg.1-2.1_i386.deb
 2641630f70d67eba1b2bfff4f231ffbd69d9d523 26850578 kdelibs-dbg_3.5.10.dfsg.1-2.1_i386.deb
Checksums-Sha256: 
 c9be2e68f7734afd36ad36dfd4e3922d621c9704f76ba6f7e74041a7344db979 2230 kdelibs_3.5.10.dfsg.1-2.1.dsc
 f03c839ee8890787961411ec4ec8c31a7948946991c398f1532371c2ded52e15 657806 kdelibs_3.5.10.dfsg.1-2.1.diff.gz
 7e54dae986afa8f82328d51912ddc4cbab3a3a70a8f7e9df9642c20994f399ab 30134 kdelibs_3.5.10.dfsg.1-2.1_all.deb
 43f5de0902b43e8b5de42618c8a6dc0cf66a72fce0f631e176f33e281347f6f2 8718404 kdelibs-data_3.5.10.dfsg.1-2.1_all.deb
 038fabef9b00af6b8807d1fb0ffdcb008a8b79ba9125757f9ba96570e6548f4f 26876690 kdelibs4-doc_3.5.10.dfsg.1-2.1_all.deb
 e56fa11511f123272c152c9d52bee746713a845aff9ae221ec350a99f105abef 10306148 kdelibs4c2a_3.5.10.dfsg.1-2.1_i386.deb
 0945488b45e9ee8733dcf81a31189515aac0fed0a27b15c882657c2bf8d7531d 1441552 kdelibs4-dev_3.5.10.dfsg.1-2.1_i386.deb
 75b95353dd45a0e66b40333a0b19d26f4e3838602b782e4e499f2afb84030a30 26850578 kdelibs-dbg_3.5.10.dfsg.1-2.1_i386.deb
Files: 
 8f021af421cb2d1badfbf3fa43d1a38e 2230 libs optional kdelibs_3.5.10.dfsg.1-2.1.dsc
 aa060ab549a04763ee2dec80282a3bb1 657806 libs optional kdelibs_3.5.10.dfsg.1-2.1.diff.gz
 9ad9183442a86eae391cdae28d43e15a 30134 libs optional kdelibs_3.5.10.dfsg.1-2.1_all.deb
 3a24f98d46d4f750e37ee00869f0605f 8718404 libs optional kdelibs-data_3.5.10.dfsg.1-2.1_all.deb
 3f22d5422b42a0a87e1ed85135fae9d8 26876690 doc optional kdelibs4-doc_3.5.10.dfsg.1-2.1_all.deb
 debfeb004c10df7412ca24e055186105 10306148 libs optional kdelibs4c2a_3.5.10.dfsg.1-2.1_i386.deb
 4564cd5e347739081afa335d52fa4c5c 1441552 libdevel optional kdelibs4-dev_3.5.10.dfsg.1-2.1_i386.deb
 60b143ce4e602840fc1bf96bb9fe274f 26850578 libdevel extra kdelibs-dbg_3.5.10.dfsg.1-2.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrVmYgACgkQNxpp46476aqOHwCdEzbBD4cG/QjWu4DWK0UuHzwM
c44An06wYnDYXL4LsQfZe1G1GryYwV/z
=I17X
-----END PGP SIGNATURE-----


Accepted:
kdelibs-data_3.5.10.dfsg.1-2.1_all.deb
  to pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-2.1_all.deb
kdelibs-dbg_3.5.10.dfsg.1-2.1_i386.deb
  to pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2.1_i386.deb
kdelibs4-dev_3.5.10.dfsg.1-2.1_i386.deb
  to pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2.1_i386.deb
kdelibs4-doc_3.5.10.dfsg.1-2.1_all.deb
  to pool/main/k/kdelibs/kdelibs4-doc_3.5.10.dfsg.1-2.1_all.deb
kdelibs4c2a_3.5.10.dfsg.1-2.1_i386.deb
  to pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2.1_i386.deb
kdelibs_3.5.10.dfsg.1-2.1.diff.gz
  to pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2.1.diff.gz
kdelibs_3.5.10.dfsg.1-2.1.dsc
  to pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2.1.dsc
kdelibs_3.5.10.dfsg.1-2.1_all.deb
  to pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2.1_all.deb