UbuntuUpdates.org

Package "kde4libs"

Name: kde4libs

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • core executables for KDE Applications
  • core shared data for all KDE Applications
  • debugging symbols for the KDE Development Platform libraries
  • development files for the KDE Development Platform libraries

Latest version: 4:4.8.5-0ubuntu0.6
Release: precise (12.04)
Level: security
Repository: main

Links



Other versions of "kde4libs" in Precise

Repository Area Version
base universe 4:4.8.2-0ubuntu1
base main 4:4.8.2-0ubuntu1
security universe 4:4.8.5-0ubuntu0.6
updates main 4:4.8.5-0ubuntu0.6
updates universe 4:4.8.5-0ubuntu0.6
PPA: Kubuntu-ppa Beta 4:4.11.97-0ubuntu1~ubuntu12.04~ppa3
PPA: Kubuntu-ppa Backports 4:4.14.2-0ubuntu1~ubuntu12.04~ppa1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4:4.8.5-0ubuntu0.6 2017-03-09 15:06:55 UTC

  kde4libs (4:4.8.5-0ubuntu0.6) precise-security; urgency=medium

  * SECURITY UPDATE: information leak via crafted PAC file (LP: #1668871)
    - debian/patches/CVE-2017-6410.patch: sanitize URLs in
      kio/misc/kpac/script.cpp.
    - CVE-2017-6410

 -- Marc Deslauriers <email address hidden> Wed, 08 Mar 2017 10:28:36 -0500

Source diff to previous version
1668871 kio: Information Leak when accessing https when using a malicious PAC file
CVE-2017-6410 kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including

Version: 4:4.8.5-0ubuntu0.5 2016-07-26 19:06:54 UTC

  kde4libs (4:4.8.5-0ubuntu0.5) precise-security; urgency=medium

  * SECURITY UPDATE: file extraction out of the expected directory
    - debian/patches/CVE-2016-6232.patch: limit files to extraction folder
      in kdecore/io/karchive.cpp.
    - CVE-2016-6232

 -- Marc Deslauriers <email address hidden> Mon, 25 Jul 2016 15:06:18 -0400

Source diff to previous version

Version: 4:4.8.5-0ubuntu0.4 2014-07-31 15:06:38 UTC

  kde4libs (4:4.8.5-0ubuntu0.4) precise-security; urgency=medium

  * SECURITY UPDATE: kauth authentication bypass (LP: #1350019)
    - debian/patches/CVE-2014-5033.patch: use dbus system bus name instead
      of PID for authentication. Cherry-picked from upstream.
    - CVE-2014-5033
 -- Felix Geyer <email address hidden> Wed, 30 Jul 2014 18:55:20 +0200

Source diff to previous version
1350019 CVE-2014-5033: kauth authentication bypass
CVE-2014-5033 kauth authentication bypass

Version: 4:4.8.5-0ubuntu0.2 2013-05-29 08:06:59 UTC

  kde4libs (4:4.8.5-0ubuntu0.2) precise-security; urgency=low

  * SECURITY UPDATE: information disclosure via error notifications
    - debian/patches/kubuntu_use_pretty_url.diff: update
      kioslave/http/http.cpp to use prettyUrl()
    - CVE-2013-2074
    - LP: #1178286
 -- Rohan Garg <email address hidden> Thu, 09 May 2013 16:36:38 +0100

Source diff to previous version
1178286 Security advisory from KDE upstream
CVE-2013-2074 prints passwords contained in HTTP URLs in error messages

Version: 4:4.8.4a-0ubuntu0.2 2012-07-19 14:07:02 UTC

  kde4libs (4:4.8.4a-0ubuntu0.2) precise-security; urgency=low

  * No change rebuild in the security pocket
 -- Marc Deslauriers <email address hidden> Fri, 13 Jul 2012 09:32:36 -0400




About   -   Send Feedback to @ubuntu_updates