Re: KDE Security Advisory: URI Handler Vulnerabilities

To: debian-kde@lists.debian.org
Subject: Re: KDE Security Advisory: URI Handler Vulnerabilities
From: Alejandro Exojo <suy@kurly.org>
Date: Tue, 18 May 2004 21:54:06 +0200
Message-id: <[🔎] 200405182154.06324.suy@kurly.org>
In-reply-to: <[🔎] q3qia0p1ol4tk1hh9qdpcn1usv4oe43d9o@4ax.com>
References: <[🔎] q3qia0p1ol4tk1hh9qdpcn1usv4oe43d9o@4ax.com>

El Martes, 18 de Mayo de 2004 04:09, Nick Boyce escribió:
> It would appear the right advice is to stop using Konqueror to surf
> the web until we have our KDEs fixed.

If you don't visit cracker's websites, you can feel more or less secure. I 
don't waste my time filling a website with malicious links, and I think most 
people don't do that neither :-).

Remember that you should click on a malicious link to activate an exploit, if 
you don't trust very much the website you're visiting, you can check the URLs 
first (take a look at the status bar: the URL appears when the pointer is 
over a link).

> As a Woody KDE user I'm aware that the usual packager
> suspects^H^H^H^H^H^H^H^Hheros are all somewhat preoccupied, so I guess
> self-help may be required here - but I've never built a Debian KDE
> package, so if somebody could post a pointer to a simple howto on
> doing this from a source deb and patches I'd be grateful.

You're using backported KDE, right? If you use official KDE, and it has 
security problems, you should check if your security.debian.org line in 
sources.list is working. Otherwise, you can follow the next steps:

This micro-howto comes with no warranty 0:-), but probably is all OK if a real 
debian packager doesn't corrects me.

1. Try 'apt-get source' on the packages you want to patch.

2. If in the source, there is a debian/patches/ directory (i can't recall at 
this moment, but I think the answer is yes), copy the patches in that 
directory. They will be applied automatically. Otherwise, you should patch 
the sources manually.

3. apt-get build-dep [the package(s) you want to compile]

4. Change to the package's root directory, and run dpkg-buildpackage -us -uc 
-rfakeroot

This will generate some .deb files, which you should install. If the 
compilation fails due to missing packages, is because I forgot to mention 
them, sorry :-).

>
> Or I suppose switching to Mozilla for a while may be a sensible option

Is a solution, of course.

Best regards.

-- 
Alex (a.k.a. suy) - GPG ID 0x0B8B0BC2
http://darkshines.net/ - Jabber ID: suy@bulmalug.net

Reply to:

Follow-Ups:
- Re: KDE Security Advisory: URI Handler Vulnerabilities
  - From: Nick Boyce <nick@glimmer.demon.co.uk>
- Re: KDE Security Advisory: URI Handler Vulnerabilities
  - From: Hendrik Sattler <ubq7@rz.uni-karlsruhe.de>
- Re: KDE Security Advisory: URI Handler Vulnerabilities
  - From: Nick Boyce <nick@glimmer.demon.co.uk>

References:
- KDE Security Advisory: URI Handler Vulnerabilities
  - From: Nick Boyce <nick@glimmer.demon.co.uk>

Prev by Date: Re: Font Woes - Solved!!!
Next by Date: KDE is preventing laptop disk spindown by incessant configfile-writing
Previous by thread: Re: KDE Security Advisory: URI Handler Vulnerabilities
Next by thread: Re: KDE Security Advisory: URI Handler Vulnerabilities
Index(es):
- Date
- Thread