-
kde4libs (4:4.13.3-0ubuntu0.5) trusty-security; urgency=medium
* SECURITY UPDATE: privilege escalation in DBus auth backend
- debian/patches/CVE-2017-8422.patch: verify caller in
kdecore/auth/AuthBackend.cpp, kdecore/auth/AuthBackend.h,
kdecore/auth/backends/dbus/DBusHelperProxy.cpp,
kdecore/auth/backends/dbus/DBusHelperProxy.h,
kdecore/auth/backends/policykit/PolicyKitBackend.cpp,
kdecore/auth/backends/policykit/PolicyKitBackend.h,
kdecore/auth/backends/polkit-1/Polkit1Backend.cpp,
kdecore/auth/backends/polkit-1/Polkit1Backend.h.
- CVE-2017-8422
-- Marc Deslauriers <email address hidden> Thu, 11 May 2017 09:10:03 -0400
-
kde4libs (4:4.13.3-0ubuntu0.4) trusty-security; urgency=medium
* SECURITY UPDATE: information leak via crafted PAC file (LP: #1668871)
- debian/patches/CVE-2017-6410.patch: sanitize URLs in
kio/misc/kpac/script.cpp.
- CVE-2017-6410
-- Marc Deslauriers <email address hidden> Wed, 08 Mar 2017 10:25:45 -0500
-
kde4libs (4:4.13.3-0ubuntu0.3) trusty-security; urgency=medium
* SECURITY UPDATE: file extraction out of the expected directory
- debian/patches/CVE-2016-6232.patch: limit files to extraction folder
in kdecore/io/karchive.cpp.
- CVE-2016-6232
-- Marc Deslauriers <email address hidden> Mon, 25 Jul 2016 15:05:37 -0400
-
kde4libs (4:4.13.3-0ubuntu0.2) trusty-security; urgency=medium
* No change rebuild in the -security pocket.
-- Marc Deslauriers <email address hidden> Fri, 21 Nov 2014 08:06:47 -0500
-
kde4libs (4:4.13.3-0ubuntu0.1) trusty; urgency=medium
* New upstream bugfix release (LP: #1349296)
- drop CVE-2014-3494.patch, applied upstream
-- Philip Muskovac <email address hidden> Mon, 04 Aug 2014 20:25:28 +0200
-
kde4libs (4:4.13.2a-0ubuntu0.3) trusty-security; urgency=medium
* SECURITY UPDATE: kauth authentication bypass (LP: #1350019)
- debian/patches/CVE-2014-5033.patch: use dbus system bus name instead
of PID for authentication. Cherry-picked from upstream.
- CVE-2014-5033
-- Felix Geyer <email address hidden> Tue, 29 Jul 2014 22:35:14 +0200
-
kde4libs (4:4.13.2a-0ubuntu0.2) trusty; urgency=medium
* Fix KMail/KIO SSL flaw
- CVE-2014-3494 (LP: #1332064)
-- Rohan Garg <email address hidden> Wed, 25 Jun 2014 15:04:43 +0200
-
kde4libs (4:4.13.2a-0ubuntu0.1) trusty; urgency=medium
* New upstream bugfix release (LP: #1327591)
* Drop kubuntu_meinproc-libxml-fix.diff and kubuntu_revert_6246e99b.diff,
applied upstream
* Refresh make_libkdeinit4_private.diff to remove fuzz
-- Philip Muskovac <email address hidden> Wed, 18 Jun 2014 12:47:31 +0200
-
kde4libs (4:4.13.1-0ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: Fix KMail/KIO SSL flaw
- CVE-2014-3494 (LP: #1332064)
-- Rohan Garg <email address hidden> Thu, 19 Jun 2014 15:23:08 +0200
-
kde4libs (4:4.13.1-0ubuntu0.1) trusty; urgency=medium
[ Philip Muškovac ]
* New upstream bugfix release (LP: #1318142)
* Revert upstream commit 6246e99b as it causes problems with the
free space calculation of CIFS mounts (kde bug #334776)
-- Philip Muskovac <email address hidden> Sat, 10 May 2014 10:54:09 +0200
-
kde4libs (4:4.13.0-0ubuntu1.1) trusty; urgency=medium
* Add kubuntu_meinproc-libxml-fix.diff to fix documentation
compilation in KDE Software with meinproc after libxml security
fix broke it LP: #1324066
-- Jonathan Riddell <email address hidden> Wed, 28 May 2014 11:41:58 +0100
-
kde4libs (4:4.13.0-0ubuntu1) trusty; urgency=medium
* New upstream KDE Software Compilation release
-- Jonathan Riddell <email address hidden> Thu, 10 Apr 2014 21:47:58 +0100
-
kde4libs (4:4.12.97-0ubuntu1) trusty; urgency=medium
* New upstream release candidate
-- Philip Muskovac <email address hidden> Wed, 02 Apr 2014 11:18:42 +0200
-
kde4libs (4:4.12.95-0ubuntu1) trusty; urgency=medium
[ Rohan Garg ]
* New upstream beta release
[ Philip Muškovac ]
* kdelibs5-dev breaks/replaces pkg-kde-tools (<< 0.15.3ubuntu5)
(for /usr/bin/preparetips)
-- Rohan Garg <email address hidden> Sun, 23 Mar 2014 12:06:39 +0100
-
kde4libs (4:4.12.90-0ubuntu1) trusty; urgency=medium
* New upstream beta release LP: #1291899
-- Jonathan Riddell <email address hidden> Wed, 19 Mar 2014 10:46:54 +0000
-
kde4libs (4:4.12.3-0ubuntu1) trusty; urgency=medium
* New upstream bugfix release
-- Rohan Garg <email address hidden> Tue, 04 Mar 2014 20:35:21 +0100
-
kde4libs (4:4.12.2-0ubuntu2) trusty; urgency=medium
* Update symbols file
-- Jonathan Riddell <email address hidden> Wed, 12 Feb 2014 13:09:52 +0000
-
kde4libs (4:4.12.2-0ubuntu1) trusty; urgency=medium
* New upstream bugfix release
* Update relax_plugin_kde_version_check.diff
-- Rohan Garg <email address hidden> Tue, 04 Feb 2014 23:43:34 +0000
-
kde4libs (4:4.12.1-0ubuntu1) trusty; urgency=low
* New upstream bugfix release
- Update symbols
-- Rohan Garg <email address hidden> Thu, 16 Jan 2014 08:02:11 +0000
-
kde4libs (4:4.12.0-0ubuntu1) trusty; urgency=low
[ Jonathan Riddell ]
* New upstream release
[ Dimitri John Ledkov ]
* Drop perl dependency from kdelibs5-dev, since wrong arch perl is
pulled in and perl is guaranteed to be present anyway, since it's
build-essential.
-- Jonathan Riddell <email address hidden> Wed, 18 Dec 2013 16:33:28 +0000
-
kde4libs (4:4.11.97-0ubuntu2) trusty; urgency=low
* Add kubuntu_raise_after_drkonqi.patch (whoopsie-integration-set).
This patch enables KCrash to check for /var/crash/$app.$uid.drkonqi-accept
after drkonqi terminated. If the file is found instead of _exiting it
will unset the KDE crash handlers and re-raise the signal. This will
cause a core dump which is processed by apport into an apport crash report.
Kubuntu-notitification-helper can then use the report and drkonqi-accept
file to submit the crash via whoopsie.
-- Harald Sitter <email address hidden> Thu, 12 Dec 2013 12:40:45 +0100
-
kde4libs (4:4.11.97-0ubuntu1) trusty; urgency=low
* New upstream RC release
-- Jonathan Riddell <email address hidden> Fri, 29 Nov 2013 12:39:31 +0000
-
kde4libs (4:4.11.95-0ubuntu1) trusty; urgency=low
[ Rohan Garg ]
* New upstream beta release
-- Philip Muskovac <email address hidden> Mon, 25 Nov 2013 17:50:27 +0100
-
kde4libs (4:4.11.80-0ubuntu1) trusty; urgency=low
[ Rohan Garg ]
* New upstream beta release
* Drop kubuntu_solid_udev_processor.diff, applied upstream
[ Philip Muškovac ]
* Refresh symbol files
* Drop missing manpage from kdelibs5-dev.install
-- Rohan Garg <email address hidden> Sat, 23 Nov 2013 17:31:29 +0100
-
kde4libs (4:4.11.2-0ubuntu4) trusty; urgency=low
* Add kubuntu_solid_udev_processor.diff LP: #1245542
"Solid can not read processor information"
-- Jonathan Riddell <email address hidden> Mon, 28 Oct 2013 16:13:31 +0000
-
kde4libs (4:4.11.2-0ubuntu3) trusty; urgency=low
* Build-Depend on grantlee on arm64 again; libqt4-script no longer segfaults
everywhere.
-- William Grant <email address hidden> Wed, 23 Oct 2013 21:49:12 +1100
-
kde4libs (4:4.11.2-0ubuntu2) saucy; urgency=low
* Don't Build-Depend on grantlee on arm64. It's only used for tests, and
libqt4-script is broken there.
-- William Grant <email address hidden> Mon, 14 Oct 2013 17:57:05 +1100