On Fri, Dec 15, 2023 at 10:39:04AM +0200, Adrian Bunk wrote:
> > That is a good point. However, I consider full coverage of security support
> > for stable to be an improvement over the current situation. Explicitly
> > stating that security support is not shipped for oldstable does not do any
> >
Source: kross
Version: 5.96.0-1
Severity: serious
See #1017061, kross isn't useful without interpreters.
Cheers,
Moritz
Source: kross-interpreters
Version: 4:21.12.3-1
Severity: serious
Your package came up as a candidate for removal from Debian. On
IRC Sune mentioned that libkross is most probably unused these
days and on the KF6 removal list. And the Python bindings still
depend on Python 2 (without porting activ
Source: kf5-messagelib
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
https://kde.org/info/security/advisory-20210429-1.txt
Patch:
https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799
Cheers,
Moritz
Source: qtsvg-opensource-src
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team
This was assigned CVE-2021-3481:
https://bugreports.qt.io/browse/QTBUG-91507
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668
https://codereview.qt-project.org/c/qt/qtsvg/+/337587
https:
On Sat, Oct 31, 2020 at 07:22:25PM +0100, Pino Toscano wrote:
> severity 936809 important
> thanks
>
> Hi Moritz,
>
> On Sunday 25 October 2020 10:45:05 CET, Debian Bug Tracking System
> wrote:
> > Processing commands for cont...@bugs.debian.org:
> >
> > > severity 936809 serious
>
Package: kdeconnect
Severity: normal
kdeconnect suggests python-nautilus for the shipped Nautilus extension.
The python-nautilus source package dropped the Python 2 package, so
either the Suggests: should point to python3-nautilus (if the extension
is Py3 compatible) or the Suggests: and the exten
Package: kde-sc-dev-latest
Severity: serious
All reverse dependencies of automoc have been dropped, but kde-sc-dev-latest
still depends on it, blocking its removal.
Cheers,
Moritz
On Tue, Apr 09, 2019 at 06:49:16PM +0200, Ivo De Decker wrote:
> Hi Salvatore,
>
> On 4/8/19 10:59 PM, Salvatore Bonaccorso wrote:
> > Control: reassign -1 src:kdepim
> > On Mon, Apr 08, 2019 at 11:36:10AM +0200, Ivo De Decker wrote:
> > > Hi,
> > >
> > > On Sat, May 19, 2018 at 07:18:06PM +0200,
On Tue, Apr 02, 2019 at 06:28:39PM -0300, Lisandro Damián Nicanor Pérez Meyer
wrote:
> On Tuesday, 2 April 2019 17:48:26 -03 Moritz Mühlenhoff wrote:
> [snip]
> > > Truth is we can't even agree inside the team. Some of us think we should
> > > just remove it alongside whatever hasn't been
On Wed, Mar 20, 2019 at 12:13:56AM +0100, Sandro Knauß wrote:
> Hey,
>
> > The security bug filed against kauth in #921995 also seems to affect
> > kde4libs, the code is in kdecore/auth/backends/dbus/DBusHelperProxy.cpp?
>
> yes, it is likely, that also kde4libs is affected. kauth is KDE Framewor
Source: qt4-x11
Severity: grave
Tags: security
Three security issues fixed in QT5 also affect qt4-x11:
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
CVE-2018-19873:
https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8
CVE-2018-19871:
ht
Source: kde4libs
Severity: important
Tags: security
The security bug filed against kauth in #921995 also seems to affect kde4libs,
the code is in kdecore/auth/backends/dbus/DBusHelperProxy.cpp?
Cheers,
Moritz
at 23:18 +0200, Maximiliano Curia wrote:
> >>>Hi Moritz!
>
> >>>On 2018-05-03 at 22:56 +0200, Moritz Muehlenhoff wrote:
> >>>>On Thu, May 03, 2018 at 07:29:42PM +0200, Maximiliano Curia wrote:
> >>>>>Hi,
>
> >>>&
On Thu, May 03, 2018 at 07:29:42PM +0200, Maximiliano Curia wrote:
> Hi,
>
> Following up the upstream announcement of a security flaw in
> kwallet-pam [1] I would like to upload the upstream fixes to
> stretch. All the versions prior the (not yet released) 5.12.6 are
> affected by this. The fix w
Source: sddm
Severity: wishlist
Hi,
starting with stretch xorg-server has been fixed to allow to run X as
an unprivileged user. This currently works fine for sessions initiated
by GDM3 and for anyone starting X11 through startx.
SDDM however still initiates the session with X11 running as root. F
On Sat, Jun 17, 2017 at 11:00:26AM +0200, Sandro Knauß wrote:
> Hey,
>
> I backported the patch for jessie. I attached a debdiff and waiting for your
> response to upload.
Hi Sandro,
sorry for the late reply, I was on afk myself.
This is a fairly obscure feature with IMO little practical impact a
On Tue, Jan 31, 2017 at 12:22:34PM -0300, Lisandro Damián Nicanor Pérez Meyer
wrote:
> On Monday, 30 January 2017 20:15:38 ART Salvatore Bonaccorso wrote:
> > Hi
> >
> > It might be noted that the issues itself are mitigated with the fixes
> > applied for CVE-2016-7966, and a user protected fr
Source: qtbase-opensource-src
Severity: important
Tags: security
Hi QT maintainers,
there was the following report on QXmlSimpleReader:
http://www.openwall.com/lists/oss-security/2016/12/24/2
Which upstream later on labels as deprecated:
http://www.openwall.com/lists/oss-security/2017/01/09
On Wed, Nov 02, 2016 at 02:02:37PM +0100, Sandro Knauß wrote:
> Hey,
>
> nice roundtrip :) Actually this additional updates for CVE-2016-7966 were
> introduced by me, when I was fixing the Debian packages.
>
> This means the packages in Debian have the additional patches backported
> already.
On Fri, Oct 14, 2016 at 08:23:04PM +0200, Sandro Knauß wrote:
> Hey,
>
> I now back ported the second part of the fix of the CVE. I updated the
> version
> deb8u1 from Scott. Should I create a deb8u2 for the additional patch?
>
> I attached the uptodate debdiff.
Thanks, please upload.
Cheers,
On Wed, Oct 12, 2016 at 02:56:06PM -0400, Scott Kitterman wrote:
> Proposed update attached. It is the exact upstream commit that resolved this
> issue upstream (relevant code is unchanged from stable) and I have the fix
> running locally. I do not have an example of the exploit to ver
Package: kinit
Version: 5.22.0-1
Severity: grave
Tags: security
Hi,
please see
https://bugs.kde.org/show_bug.cgi?id=358593
https://bugs.kde.org/show_bug.cgi?id=363140
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
https://quickgit.kde.org/?p=kinit.git
Source: sddm
Severity: grave
Tags: security
This was assigned CVE-2015-0856:
https://github.com/sddm/sddm/commit/4cfed6b0a625593
Cheers,
Moritz
Source: signon-ui
Severity: serious
signon-ui build-depends on libgstreamer-plugins-base0.10-dev, but
gstreamer 0.10 is scheduled for removal:
https://lists.debian.org/debian-devel/2015/05/msg00335.html
Cheers,
Moritz
On Wed, Sep 16, 2015 at 03:26:27PM -0300, Lisandro Damián Nicanor Pérez Meyer
wrote:
> On Wednesday 16 September 2015 15:25:06 Lisandro Damián Nicanor Pérez Meyer
> wrote:
> > On Wednesday 16 September 2015 20:08:37 Moritz Mühlenhoff wrote:
> > > On Wed, May 20, 2015 at 01:32:13PM -0300, Lisandro
On Mon, Mar 02, 2015 at 07:32:11PM +0300, Dmitry Shachnev wrote:
> clone -1 -2
> reassign -2 libqt5gui5 5.3.2+dfsg-4
> thanks
>
> On Mon, 02 Mar 2015 10:18:40 -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> > And we have the same bug for Qt5 too.
> >
> > Moritz, do you think it's grave enough
Package: qt4-x11
Severity: important
Tags: security
Justification: user security hole
Hi,
please see
http://lists.qt-project.org/pipermail/announce/2015-February/59.html
for details and a patch.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org
with
Package: kde4libs
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see https://bugzilla.novell.com/show_bug.cgi?id=864716 for the original
bug report. The upstream fix is available here:
http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594
On Mon, Jul 14, 2014 at 06:34:40PM +0200, Moritz Mühlenhoff wrote:
> On Wed, Jul 09, 2014 at 10:16:07PM +0200, Moritz Muehlenhoff wrote:
> > Source: kde-workspace
> > Severity: wishlist
> > Tags: patch
> >
> > activation of the service
> > -
Source: kde-workspace
Severity: wishlist
Tags: patch
Hi KDE maintainers,
the attached patch adds systemd support to KDM. It's working well for
me, but some things are still up for discussion/need work.
Some notes:
consolekit:
---
This patch disables consolekit support (this part of the ch
On Mon, Jun 09, 2014 at 09:01:46PM +1000, Hamish Moffatt wrote:
> On 09/06/14 15:17, Salvatore Bonaccorso wrote:
>> Hi,
>>
>> On Sun, Jun 01, 2014 at 11:30:15PM -0300, Lisandro Damián Nicanor Pérez
>> Meyer wrote:
>>> tag 750141 moreinfo
>>> thanks
>>>
>>> On Monday 02 June 2014 11:19:05 Hamish Mo
Package: kdelibs5-dev
Version: 4:4.12.4-1
Severity: important
It appears as if /usr/include/kio/global.h is breaking the build
of kradio4: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747778
Cheers,
Moritz
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
AP
Hi,
I've upgraded my desktop machine from Wheezy to Jessie a few days ago. All in
all it looks really nice, thanks for maintaining KDE in Debian!
Three suggestions/discussion topics I'd like to raise:
- With the default desktop there're notifications on new updates, but the
standard tool (I'm
Package: qt4-x11
Severity: normal
I suggest to remove NAS support from libqtgui4 or move it to a separate
module which can be installed selectively. NAS is a vintage sound
server and unlikely to be present on modern desktop system (since it
would also fight with pulseaudio over sound device contro
Hi KDE maintainers,
when triaging some recent security issues I noticed that this bug had been
assigned a CVE ID:
https://bugs.kde.org/show_bug.cgi?id=314919
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4133
The fix is here and part of 4.10.5 release of kde-workspace:
https://projects.kd
Package: kde-workspace
Severity: important
Tags: security
Justification: user security hole
Hi,
this was assigned CVE-2013-4132:
https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
oldstable and stable are not affected, since the eglib
Package: kdeplasma-addons
Severity: important
Tags: security
Please see http://seclists.org/oss-sec/2013/q2/429
Once an upstream fix is available, we can fix this in
a point update.
Cheers,
Moritz
Package: qt4-x11
Severity: important
Tags: security
Please see http://seclists.org/oss-sec/2013/q1/21
Cheers,
Moritz
On Tue, Dec 04, 2012 at 07:04:51PM +0100, Thijs Kinkhorst wrote:
> Package: qt4-x11
> Severity: serious
> Tags: security patch
>
> Hi,
>
> A security advisory has been posted by Qt regarding XmlHttpRequest
> insecure redirection:
> http://lists.qt-project.org/pipermail/announce/2012-November/
Package: calligra
Severity: grave
Tags: security
Justification: user security hole
Please see:
https://projects.kde.org/projects/calligra/repository/diff?rev=7d72f7dd8d28d18c59a08a7d43bd4e0654043103&rev_to=7a9fa21b1f812b74b3e1501480dd14d10aeb347b
Reported here:
http://media.blackhat.com/bh-us-12/
severity 590147 important
thanks
On Sun, May 27, 2012 at 11:50:08AM +0200, Moritz Mühlenhoff wrote:
> On Mon, Nov 29, 2010 at 11:28:31AM +0200, Modestas Vainius wrote:
> > > The two are from my point of view RC
> >
> > No, the first part is not RC because:
> >
> > 1) it is rare enough
> > 2) th
On Wed, Dec 21, 2011 at 06:01:08PM +, Jonathan Wiltshire wrote:
> Dear maintainer,
>
> Recently you fixed one or more security problems and as a result you closed
> this bug. These problems were not serious enough for a Debian Security
> Advisory, so they are now on my radar for fixing in the
On Tue, Jul 26, 2011 at 10:20:46PM +0200, Moritz Muehlenhoff wrote:
> Package: ark
> Version: 4:4.6.5-2
> Severity: grave
> Tags: security
>
> The following was reported on oss-security. There's no CVE assignment
> or any details yet:
>
> ---
> Date: Mon, 25 J
Package: qt4-x11
Severity: grave
Tags: security
Please see these links for details and patches:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3193
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3194
I haven't checked the impact on oldstable/stable yet, please get in touch
with t...@s
Package: ffmpegthumbs
Severity: important
Hi,
the transition from ffmpeg/0.6.2 to libav/0.7 is planned soonish.
(libav is a ffmpeg fork, to which Debian will switch, see
http://en.wikipedia.org/wiki/FFmpeg for more information)
Your package currently fails to build from source when built against
Package: ark
Version: 4:4.6.5-2
Severity: grave
Tags: security
The following was reported on oss-security. There's no CVE assignment
or any details yet:
---
Date: Mon, 25 Jul 2011 14:45:14 -0400
From: Jeff Mitchell
Subject: [oss-security] CVE Request: Ark path traversal
Hello,
Ark contains a p
Package: kdeutils
Version: 4:4.4.5-1
Severity: normal
Could the Depends on "kfloppy" be lowered to a Recommends?
Floppy drives are really arcane technology these days, it should
be possible to remove the package if needed, while still keeping
the kdeutils metapackage.
Cheers,
Moritz
Hi,
as discussed before
(http://lists.debian.org/debian-release/2010/08/msg01848.html)
we need to document the de-facto status of Squeeze browser support
in the release notes. Proposed text below.
Any objections and/or spelling improvements by native speakers?
[Webkit, Chromium and KDE maintainer
On Wed, Apr 28, 2010 at 09:46:44PM +0200, Moritz Muehlenhoff wrote:
> On Sun, Apr 25, 2010 at 11:05:09PM +0200, Eckhart Wörner wrote:
> > Hi Moritz,
> >
> > > Since you're writing with a @kde.org address: My mail to secur...@kde.org
> > > was left unans
On Thu, Jul 01, 2010 at 10:55:11AM +0300, Fathi Boudra wrote:
> > it isn't coherent.
>
> sorry, I was thinking to Qt 4.7 ...
> current released version should be affected.
Could you please report this upstream? It's not clear to me
where to find the QT bug tracking system on the Nokia website.
C
tags 585622 moreinfo
thanks
On Sat, Jun 12, 2010 at 08:48:56PM +0800, Michael Tsang wrote:
> Package: kate
> Version: 4:4.4.3-1
> Severity: grave
> Justification: causes non-serious data loss
>
> 1 open a text/plain document in Konqueror
> 2 highlight some text in the embedded katepart
> 3 click
On Thu, Jul 29, 2010 at 07:38:48PM -0400, Moritz Muehlenhoff wrote:
> On Tue, Mar 24, 2009 at 07:14:12AM +0100, Sune Vuorela wrote:
> > On Tuesday 24 March 2009 04:19:35 Mike O'Connor wrote:
> > > Package: kdelibs
> > > Version: 3.5.10.dfsg.1-2
> > > Sever
On Tue, Mar 24, 2009 at 07:14:12AM +0100, Sune Vuorela wrote:
> On Tuesday 24 March 2009 04:19:35 Mike O'Connor wrote:
> > Package: kdelibs
> > Version: 3.5.10.dfsg.1-2
> > Severity: serious
> > Justification: dfsg #1
> >
> >
> > While working on #520485, I noticed that we are distributing several
On Thu, Jul 29, 2010 at 02:59:56PM -0400, Moritz Muehlenhoff wrote:
> On Sat, Jul 17, 2010 at 05:51:05PM +0200, Arne Wichmann wrote:
> > Hi,
> >
> > Is there any progress on this issue?
>
> I've installed fossology and I'm currently running license ana
On Sat, Jul 17, 2010 at 05:51:05PM +0200, Arne Wichmann wrote:
> Hi,
>
> Is there any progress on this issue?
I've installed fossology and I'm currently running license analysis
agents to generate a complete copyright file from it.
Cheers,
Moritz
On Sun, Apr 25, 2010 at 11:05:09PM +0200, Eckhart Wörner wrote:
> Hi Moritz,
>
> > Since you're writing with a @kde.org address: My mail to secur...@kde.org
> > was left unanswered. Do you have a suggestion who to contact instead?
>
> secur...@kde.org is the right place and several people have pr
Hi Eckhart,
On Sun, Apr 04, 2010 at 02:34:32AM +0200, Eckhart Wörner wrote:
> > > CVE-2009-1703[25]:
> > > | WebKit in Apple Safari before 4.0 does not prevent references to file:
> > > | URLs within (1) audio and (2) video elements, which allows remote
> > > | attackers to determine the existence
severity 561760 important
thanks
Michael Gilbert wrote:
> Package: qt4-x11
> Version: 4:4.5.3-4
> Severity: grave
> Tags: security
>
> Hi,
>
> The following CVE (Common Vulnerabilities & Exposures) ids were
> published for webkit. qt4-x11 embeds webkit, so most of these issues
> are likely appl
Michael Gilbert wrote:
> Package: kde4libs
> Version: 4:4.3.4-1
> Severity: serious
> Tags: security
>
> Hi,
>
> The following CVE (Common Vulnerabilities & Exposures) ids were
> published for webkit. webkit was forked from khtml, so these
> issues very likely apply to this package as well. Since
severity 561765 important
thanks
> The following CVE (Common Vulnerabilities & Exposures) ids were
> published for webkit. webkit was forked from khtml, so these
> issues very likely apply to this package as well. Since there are so
> many problems, I have not had time to check whether the vulnera
On Sun, Dec 06, 2009 at 11:50:06PM -0500, Michael Gilbert wrote:
> Package: arts
> Severity: grave
> Tags: security
Is arts still needed since KDE 4 uses Phonon or should we remove it
for Squeeze?
Cheers,
Moritz
reassign 491357 kmix
On Tue, Nov 18, 2008 at 07:46:29PM +0800, Weakish Jiang wrote:
> Package: knotes
> Version: 4:3.5.9-5
> Severity: serious
>
> --- Please enter the report below this line. ---
>
> double right-click on the heading area of the sticky notes cause X to crash
I can't reproduce on i386 with current Le
On Fri, Oct 24, 2008 at 07:16:29PM +0200, Ana Guerrero wrote:
> Hi Moritz,
>
> On Fri, Oct 24, 2008 at 04:14:39PM +0200, Moritz Muehlenhoff wrote:
> > Hi,
> > Would you mind if I upload a fix for #502459 for Lenny
> > (using the upstream fix, not the workaround I p
Hi,
Would you mind if I upload a fix for #502459 for Lenny
(using the upstream fix, not the workaround I posted earlier)?
Cheers,
Moritz
On Fri, Oct 17, 2008 at 04:10:08PM +0100, Dave Williams wrote:
> Konqueror crashes whenever I try to visit my 'My Ebay' page on the UK
> version of EBay (http://www.ebay.co.uk). It loads the login page fine, but
> once I've
> clicked the 'sign in' button, the status bar does a bit of stuff that
On Thu, Oct 16, 2008 at 07:38:57PM +0200, Micha Lenk wrote:
> Package: konqueror
> Version: 4:3.5.9.dfsg.1-5
> Severity: serious
> Justification: crash on popular website
>
> Hi,
>
> I've discovered a crash of konqueror on a specific page on eBay.de.
> The crash is reliably reproducible on my eBa
On Tue, Jun 24, 2008 at 06:11:12PM +0200, Ana Guerrero wrote:
>
> Hi Moritz,
>
> On Mon, Jun 23, 2008 at 12:21:50AM +0200, Moritz Muehlenhoff wrote:
> > Hi,
> > CVE-2008-1671 / #478024 doesn't warrant a DSA, but I'll fix it through a
> > point update. Ar
Hi,
CVE-2008-1671 / #478024 doesn't warrant a DSA, but I'll fix it through a
point update. Are there other important kdelibs bugfixes for Etch I
should add to that update?
Please CC, I'm not subscribed to the list.
Cheers,
Moritz
user debian-qt-kde@lists.debian.org
usertag #416787 +fixed-kde4
thanks
Ilya Martynov wrote:
> Package: ksvg
> Version: 4:3.5.5-3
> Severity: normal
>
> See attached SVG file. Both firefox and rsvg-view have no problem
> displaying it. I tried to convert the same SVG image via online
> service at
Package: libkonq5
Version: 4:3.96.0-1
Severity: normal
I'm aware that KDE 4 bugs are supposed to be filed upstream, but since
this is a packaging bug, I'll file it here anyway. When installing
the latest KDE4 packages from experimental I got:
Unpacking kdelibs5 (from .../kdelibs5_4%3a3.96.0-1_i38
Moritz
diff -Naur kdegraphics-3.5.5.orig/debian/changelog kdegraphics-3.5.5/debian/changelog
--- kdegraphics-3.5.5.orig/debian/changelog 2007-08-03 13:26:27.0 +0200
+++ kdegraphics-3.5.5/debian/changelog 2007-08-03 13:38:11.0 +0200
@@ -1,3 +1,9 @@
+kdegraphics (4:3.5.5-3etch1) stable-secur
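Review bot: the new 4:3.5.5-3etch1 entry at the top of debian/changelog should name the CVE id(s) it fixes and list each patched file, since that text is what later reviewers of the security upload rely on. Only the header line of the entry is visible in this hunk, so that cannot be confirmed here.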
Package: koffice
Severity: important
[I'm considering this RC, but filing as important nonetheless for now]
koffice embeds a copy of xpdf, which causes a huge maintenance overhead
whenever a security problem is found in xpdf.
For Lenny koffice should link against the library version of the xpdf
Package: kpdf
Version: 4:3.5.7-3
Severity: important
[I'm considering this RC, but filing as important nonetheless for now]
kpdf embeds a copy of xpdf, which causes a huge maintenance overhead
whenever a security problem is found in xpdf.
For Lenny kpdf should link against the library version of
On 25th September Moritz Muehlenhoff wrote:
> Hi,
> I'm currently checking the list of DSAs, which we noted a "will be
> fixed soon". Have the patches from DSA 1019 (CVE-2006-1244) been
> fixed in sid in the mean time? In which version?
What's the status? Freez
Hi,
I'm currently checking the list of DSAs, which we noted a "will be
fixed soon". Have the patches from DSA 1019 (CVE-2006-1244) been
fixed in sid in the mean time? In which version?
Cheers,
Moritz
Alec Berryman wrote:
> CVE-2006-3672: "KDE Konqueror 3.5.1 and earlier allows remote attackers
> to cause a denial of service (application crash) by calling the
> replaceChild method on a DOM object, which triggers a null dereference,
> as demonstrated by calling document.replaceChild with a 0 (zer
Package: koffice
Severity: grave
Tags: security
Justification: user security hole
Some heap overflows have been found in xpdf, of which koffice ships
a local copy. It is therefore vulnerable to a subset of the xpdf issues:
CVE-2005-3191:
http://www.idefense.com/application/poi/display?id=342
http
tag 342287 security
thanks
Hi,
I can confirm that kpdf is vulnerable to all the latest xpdf vulnerabilities,
please mention the CVE mappings from the iDefense advisories in the changelog
when fixing this.
Cheers,
Moritz
Package: kdebase-bin
Version: 3.4.2-2
Severity: grave
Tags: security
Justification: user security hole
Please see http://www.kde.org/info/security/advisory-20050905-1.txt for details
and a patch.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstabl
Package: kpdf
Severity: important
Tags: security patch
A DoS vulnerability has been found in xpdf that affects the kpdf
of the soon to be uploaded 3.4.1 packages:
| kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
| a vulnerability that causes it to write a file in $TMPDIR with
| al
Package: kopete
Severity: normal
Kopete embeds a copy of the gadu library, which is vulnerable to
remotely exploitable integer overflows. Judging from the original KDE
advisory the embedded version is only used as a fallback. As there's
a dependency on Debian's libgadu, which has already been fixe
Package: kate
Severity: important
Tags: security
Kate creates backup files with default permissions, which may cause
sensitive information to be visible to other users on the system.
Please see http://www.kde.org/info/security/advisory-20050718-1.txt
for full details.
stable, testing and sid are
There now has been an official KDE advisory for this as well.
Please refer to CAN-2005-1046 when fixing this.
Cheers,
Moritz
Package: kdelibs4
Severity: grave
Tags: security
Justification: user security hole
Invalid range checking in PCX header parsing possibly permits execution
of arbitrary code. Please see http://bugs.kde.org/show_bug.cgi?id=102328
for a full description, a crafted test image and a patch from Waldo Ba
Package: kpdf
Version: 4:3.3.2-1
Severity: grave
Tags: security patch
Justification: user security hole
Dear KDE maintainers,
the security fix for CAN-2005-0064 was derived from xpdf 3.00-12, which
in fact turned out to be incomplete wrt to a missing range check in XRef.cc.
Attached you can find a
Hi,
this applies to woody as well. Attached you can find the backported upstream
patch against 2.2.2. BTW, this is CAN-2004-1165.
Cheers,
Moritz
diff -Naur kdelibs-2.2.2.orig/kio/ftp/ftp.cc kdelibs-2.2.2/kio/ftp/ftp.cc
--- kdelibs-2.2.2.orig/kio/ftp/ftp.cc Wed Jan 5 12:29:07 2005
+++ kd
Adeodato Simó wrote:
> > I can confirm that bug for my setup as well. Input is taken, it gets
> > checked and afterwards I receive a message that the password check
> > went wrong.
>
> what message exactly? it may not be the same problem as others' (which
> do successfully log in but fail aft
Hi,
I can confirm that bug for my setup as well. Input is taken, it gets
checked and afterwards I receive a message that the password check
went wrong. When I select "console login" and run startx KDE starts
as usual.
Cheers,
Moritz
90 matches