Re: KDE Security Advisory: URI Handler Vulnerabilities
El Martes, 18 de Mayo de 2004 04:09, Nick Boyce escribió:
> It would appear the right advice is to stop using Konqueror to surf
> the web until we have our KDEs fixed.
If you don't visit cracker's websites, you can feel more or less secure. I
don't waste my time filling a website with malicious links, and I think most
people don't do that neither :-).
Remember that you should click on a malicious link to activate an exploit, if
you don't trust very much the website you're visiting, you can check the URLs
first (take a look at the status bar: the URL appears when the pointer is
over a link).
> As a Woody KDE user I'm aware that the usual packager
> suspects^H^H^H^H^H^H^H^Hheros are all somewhat preoccupied, so I guess
> self-help may be required here - but I've never built a Debian KDE
> package, so if somebody could post a pointer to a simple howto on
> doing this from a source deb and patches I'd be grateful.
You're using backported KDE, right? If you use official KDE, and it has
security problems, you should check if your security.debian.org line in
sources.list is working. Otherwise, you can follow the next steps:
This micro-howto comes with no warranty 0:-), but probably is all OK if a real
debian packager doesn't corrects me.
1. Try 'apt-get source' on the packages you want to patch.
2. If in the source, there is a debian/patches/ directory (i can't recall at
this moment, but I think the answer is yes), copy the patches in that
directory. They will be applied automatically. Otherwise, you should patch
the sources manually.
3. apt-get build-dep [the package(s) you want to compile]
4. Change to the package's root directory, and run dpkg-buildpackage -us -uc
This will generate some .deb files, which you should install. If the
compilation fails due to missing packages, is because I forgot to mention
them, sorry :-).
> Or I suppose switching to Mozilla for a while may be a sensible option
Is a solution, of course.
Alex (a.k.a. suy) - GPG ID 0x0B8B0BC2
http://darkshines.net/ - Jabber ID: email@example.com