Bug#772806: unblock: kde-runtime/4:4.14.2-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package kde-runtime.
The new version includes the upstream patch that fixes CVE-2014-8600 [1] parts
related to kde-runtime.
[1]: https://security-tracker.debian.org/tracker/CVE-2014-8600
Happy releasing. :)
unblock kde-runtime/4:4.14.2-2
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
diff -Nru kde-runtime-4.14.2/debian/changelog kde-runtime-4.14.2/debian/changelog
--- kde-runtime-4.14.2/debian/changelog 2014-10-21 19:12:40.000000000 +0200
+++ kde-runtime-4.14.2/debian/changelog 2014-12-10 20:23:02.000000000 +0100
@@ -1,3 +1,14 @@
+kde-runtime (4:4.14.2-2) unstable; urgency=medium
+
+ [ Lisandro Damián Nicanor Pérez Meyer ]
+ * Remove myself from Uploaders.
+
+ [ Maximiliano Curia ]
+ * New upstream patch: upstream_sanitize_path, fixes CVE-2014-8600
+ (Closes: #769632) Thanks to Salvatore Bonaccorso
+
+ -- Maximiliano Curia <maxy@debian.org> Wed, 10 Dec 2014 20:23:02 +0100
+
kde-runtime (4:4.14.2-1) unstable; urgency=medium
* Add Suggests of libcanberra-pulse and sound-theme-freedesktop, used
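Review bot: The new changelog entry "New upstream patch: upstream_sanitize_path, fixes CVE-2014-8600" does not say which component is changed, and it reads as a complete fix while the unblock request says only the kde-runtime-related parts of the CVE are covered. Suggest naming the affected code (the patch touches kioslave/bookmarks/kio_bookmarks.cpp) and wording the scope the same way as the request, so that someone checking the security tracker against the changelog does not mark the CVE as fully resolved from this entry alone.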
diff -Nru kde-runtime-4.14.2/debian/control kde-runtime-4.14.2/debian/control
--- kde-runtime-4.14.2/debian/control 2014-10-21 19:12:40.000000000 +0200
+++ kde-runtime-4.14.2/debian/control 2014-12-10 20:23:02.000000000 +0100
@@ -7,7 +7,6 @@
Modestas Vainius <modax@debian.org>,
George Kiagiadakis <kiagiadakis.george@gmail.com>,
Eshat Cakar <info@eshat.de>,
- Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>,
Maximiliano Curia <maxy@debian.org>
Build-Depends: cmake,
debhelper (>= 9),
diff -Nru kde-runtime-4.14.2/debian/patches/series kde-runtime-4.14.2/debian/patches/series
--- kde-runtime-4.14.2/debian/patches/series 2014-10-21 19:12:40.000000000 +0200
+++ kde-runtime-4.14.2/debian/patches/series 2014-12-10 20:23:02.000000000 +0100
@@ -4,3 +4,4 @@
use_the_correct_locale.patch
disable_flacky_tests
disable_kwalletd_autotests
+upstream_sanitize_path
diff -Nru kde-runtime-4.14.2/debian/patches/upstream_sanitize_path kde-runtime-4.14.2/debian/patches/upstream_sanitize_path
--- kde-runtime-4.14.2/debian/patches/upstream_sanitize_path 1970-01-01 01:00:00.000000000 +0100
+++ kde-runtime-4.14.2/debian/patches/upstream_sanitize_path 2014-12-10 20:23:02.000000000 +0100
@@ -0,0 +1,27 @@
+commit d68703900edc8416fbcd2550cd336cbbb76decb9
+Author: Martin Sandsmark <martin.sandsmark@kde.org>
+Date: Thu Nov 13 13:29:01 2014 +0100
+
+ Sanitize path
+
+diff --git a/kioslave/bookmarks/kio_bookmarks.cpp b/kioslave/bookmarks/kio_bookmarks.cpp
+index 750495d..53c8aa3 100644
+--- a/kioslave/bookmarks/kio_bookmarks.cpp
++++ b/kioslave/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+
+ #include <qregexp.h>
++#include <qtextdocument.h>
+
+ #include <kapplication.h>
+ #include <kcmdlineargs.h>
+@@ -197,7 +198,7 @@ void BookmarksProtocol::get( const KUrl& url )
+ echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
+ } else {
+ echoHead();
+- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++ echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
+ }
+ finished();
+ }
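Review bot: The replacement line in BookmarksProtocol::get() wraps url.prettyUrl() in two nested Qt::escape() calls, and neither the code nor the "Sanitize path" commit message says why one pass is not enough. If nothing between i18n() and echo() decodes entities once, the error page will show literal entity text such as &lt; instead of the characters from the request. If something does decode once, a one-line comment next to the call should say so, otherwise a later cleanup may collapse it to a single escape and put unescaped request data back into the HTML error page. The patch header also carries only the upstream commit id; adding the CVE and bug number that the changelog cites (CVE-2014-8600, #769632) would make the patch file self-describing.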