Processing of kdeconnect_1.3.3-1_source.changes
kdeconnect_1.3.3-1_source.changes uploaded successfully to localhost along with the files: kdeconnect_1.3.3-1.dsc kdeconnect_1.3.3.orig.tar.xz kdeconnect_1.3.3.orig.tar.xz.asc kdeconnect_1.3.3-1.debian.tar.xz kdeconnect_1.3.3-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#900710: marked as done (very out of date manpage)
Your message dated Mon, 12 Nov 2018 08:41:46 + with message-id and subject line Bug#900710: fixed in kdeconnect 1.3.3-1 has caused the Debian Bug report #900710, regarding very out of date manpage to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 900710: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900710 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: kdeconnect Version: 1.3.1-1 Severity: normal Hi, It seems debian/kdeconnect-cli.1 hasn't been updated since 2014-07-01. I can confirm that the manpage definitely does not reflect the output of 'kdeconnect-cli --help'. If upstream does not yet provide a mechanism to generate a manpage from the same source as 'kdeconnect-cli --help' then we should either ask for this functionality or provide a patch. Feel free to set me as the owner of this bug if you'd like me to take care of it. Cheers! Nicholas --- End Message --- --- Begin Message --- Source: kdeconnect Source-Version: 1.3.3-1 We believe that the bug you reported is fixed in the latest version of kdeconnect, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 900...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pino Toscano (supplier of updated kdeconnect package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 12 Nov 2018 08:57:34 +0100 Source: kdeconnect Binary: kdeconnect Architecture: source Version: 1.3.3-1 Distribution: unstable Urgency: medium Maintainer: Debian Qt/KDE Maintainers Changed-By: Pino Toscano Description: kdeconnect - connect smartphones to your KDE Plasma Workspace Closes: 900710 Changes: kdeconnect (1.3.3-1) unstable; urgency=medium . * Team upload. * New upstream release. * Simplify handling of build flags: debhelper since compat 9 already passes all the right flags to cmake, so use the dpkg-buildflags envvars to only link in as-needed mode. * Stop using the pkgkde-symbolshelper dh addon, since there are no symbols. * Bump Standards-Version to 4.2.1, no changes required. * Drop the Debian-provided kdeconnect-cli man page: very outdated, not touched in the last 4 years, and thus not useful. (Closes: #900710) Checksums-Sha1: 867813cf9b5f75eaf2654e0cba115a8d3ef62b60 2877 kdeconnect_1.3.3-1.dsc a88fe2fb199deaba3f165a12ee1e18f1acce83df 284712 kdeconnect_1.3.3.orig.tar.xz e422e635169bccde35698f36226b3dd5f4b6feba 774 kdeconnect_1.3.3.orig.tar.xz.asc a6285e1166e11675c5cc701232b9a53c92ce3844 8820 kdeconnect_1.3.3-1.debian.tar.xz b1d2fca5e3a42ef243751c6a043db4f716fa3576 20127 kdeconnect_1.3.3-1_source.buildinfo Checksums-Sha256: ee734383cb0d7c2840d40f67c08ff7db6c3267d8722c422ced6cda3893ec1c48 2877 kdeconnect_1.3.3-1.dsc 4f3f7709255757233bd6406acb0bff9c30e0e2a36737154ce63afb1a78054ced 284712 kdeconnect_1.3.3.orig.tar.xz d2791dd09a0005899cc31d90a9f88db29b09c34a4e3300ae23af1336b5ffc54c 774 kdeconnect_1.3.3.orig.tar.xz.asc ed3dbb49bc55de7ba0df22007312ae23a1b6d273e7fdb1c1c1cd41f534ede90c 8820 kdeconnect_1.3.3-1.debian.tar.xz e5e35185e0e25790b351c783cfabcf40f610b48d273b5228478149202f275fa1 20127 kdeconnect_1.3.3-1_source.buildinfo Files: b6be86945c910b887e85efbde3a1b046 2877 kde optional kdeconnect_1.3.3-1.dsc 0663f81934a584059e6a6451e284fccf 284712 kde optional kdeconnect_1.3.3.orig.tar.xz d9e9971c380bf0aac315dbfce5562578 774 kde optional kdeconnect_1.3.3.orig.tar.xz.asc 5f59bb2ed5c170b8d012b1fdee12217e 8820 kde optional kdeconnect_1.3.3-1.debian.tar.xz e197bd0ecd57215e517c30766ab030bd 20127 kde optional kdeconnect_1.3.3-1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEXyqfuC+mweEHcAcHLRkciEOxP00FAlvpMuQACgkQLRkciEOx P03DXQ/+JusTma87BpCr4yXQ208/yXGZLYPnACnpr86FufUn+xjq+v8HqTYy5IiD ghODB+fBuuEJW24TQPSRNKQDyFY1OWSa338YeAMfqy5tgURIROfbGenedtShbpcf 8aTW51JMgnfl+UgUrfdM4eF5ytoXBPXVqpI4I6BkkcAU/fyQCD0TwL44XqWTCKoj zuhg0NfZi5vTLkYyH9Ib5GU1yasiIG2RCZ/bzpSMAeJDjjpjRSKxM9DWu2UvKTjn 7EU8RtUsLP5xtSwjLKxHV6k1IMub0xzKXHwwsK70oZxD9Ik+ktcF5GFpJAVnIm3q 7KeMJH78oIwolNyhIb8dBl6ik3xSbdCT7JUwdhA5fy8p+28msnOhbToiO5SXLhjG IbYMzysBV1itcAlFAD8iJLc7Bfqql/PRgXa2yKYliAxB+ZyXXZKDy0hoq4lU23VX 5YukMZvRTQkXZiSl8meUj0Zp
kdeconnect_1.3.3-1_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 12 Nov 2018 08:57:34 +0100 Source: kdeconnect Binary: kdeconnect Architecture: source Version: 1.3.3-1 Distribution: unstable Urgency: medium Maintainer: Debian Qt/KDE Maintainers Changed-By: Pino Toscano Description: kdeconnect - connect smartphones to your KDE Plasma Workspace Closes: 900710 Changes: kdeconnect (1.3.3-1) unstable; urgency=medium . * Team upload. * New upstream release. * Simplify handling of build flags: debhelper since compat 9 already passes all the right flags to cmake, so use the dpkg-buildflags envvars to only link in as-needed mode. * Stop using the pkgkde-symbolshelper dh addon, since there are no symbols. * Bump Standards-Version to 4.2.1, no changes required. * Drop the Debian-provided kdeconnect-cli man page: very outdated, not touched in the last 4 years, and thus not useful. (Closes: #900710) Checksums-Sha1: 867813cf9b5f75eaf2654e0cba115a8d3ef62b60 2877 kdeconnect_1.3.3-1.dsc a88fe2fb199deaba3f165a12ee1e18f1acce83df 284712 kdeconnect_1.3.3.orig.tar.xz e422e635169bccde35698f36226b3dd5f4b6feba 774 kdeconnect_1.3.3.orig.tar.xz.asc a6285e1166e11675c5cc701232b9a53c92ce3844 8820 kdeconnect_1.3.3-1.debian.tar.xz b1d2fca5e3a42ef243751c6a043db4f716fa3576 20127 kdeconnect_1.3.3-1_source.buildinfo Checksums-Sha256: ee734383cb0d7c2840d40f67c08ff7db6c3267d8722c422ced6cda3893ec1c48 2877 kdeconnect_1.3.3-1.dsc 4f3f7709255757233bd6406acb0bff9c30e0e2a36737154ce63afb1a78054ced 284712 kdeconnect_1.3.3.orig.tar.xz d2791dd09a0005899cc31d90a9f88db29b09c34a4e3300ae23af1336b5ffc54c 774 kdeconnect_1.3.3.orig.tar.xz.asc ed3dbb49bc55de7ba0df22007312ae23a1b6d273e7fdb1c1c1cd41f534ede90c 8820 kdeconnect_1.3.3-1.debian.tar.xz e5e35185e0e25790b351c783cfabcf40f610b48d273b5228478149202f275fa1 20127 kdeconnect_1.3.3-1_source.buildinfo Files: b6be86945c910b887e85efbde3a1b046 2877 kde optional kdeconnect_1.3.3-1.dsc 0663f81934a584059e6a6451e284fccf 284712 kde optional kdeconnect_1.3.3.orig.tar.xz d9e9971c380bf0aac315dbfce5562578 774 kde optional kdeconnect_1.3.3.orig.tar.xz.asc 5f59bb2ed5c170b8d012b1fdee12217e 8820 kde optional kdeconnect_1.3.3-1.debian.tar.xz e197bd0ecd57215e517c30766ab030bd 20127 kde optional kdeconnect_1.3.3-1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEXyqfuC+mweEHcAcHLRkciEOxP00FAlvpMuQACgkQLRkciEOx P03DXQ/+JusTma87BpCr4yXQ208/yXGZLYPnACnpr86FufUn+xjq+v8HqTYy5IiD ghODB+fBuuEJW24TQPSRNKQDyFY1OWSa338YeAMfqy5tgURIROfbGenedtShbpcf 8aTW51JMgnfl+UgUrfdM4eF5ytoXBPXVqpI4I6BkkcAU/fyQCD0TwL44XqWTCKoj zuhg0NfZi5vTLkYyH9Ib5GU1yasiIG2RCZ/bzpSMAeJDjjpjRSKxM9DWu2UvKTjn 7EU8RtUsLP5xtSwjLKxHV6k1IMub0xzKXHwwsK70oZxD9Ik+ktcF5GFpJAVnIm3q 7KeMJH78oIwolNyhIb8dBl6ik3xSbdCT7JUwdhA5fy8p+28msnOhbToiO5SXLhjG IbYMzysBV1itcAlFAD8iJLc7Bfqql/PRgXa2yKYliAxB+ZyXXZKDy0hoq4lU23VX 5YukMZvRTQkXZiSl8meUj0Zpcs6qblM6Rum7LoFG7jEZ067hngSjWz4hpvk40Rs1 HuF5h/v9m0x2/BhixLGJfO3Z4UWnfdTP2W3hnkkVT+pJ9k0mz7o4zb4YLoc2gIst aqNfGw1QeMfscwIkbOwCdPbYILB8jTPcGv9b5UoVWNLEn++/224x/VIIhgNApoDg +ADlvt2GNafXGeFzCUUvNDki4uAP65ED9uPzlK/qi0v+VEa8o5g= =3kPV -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processed: [bts-link] source package kde-runtime
Processing commands for cont...@bugs.debian.org: > # > # bts-link upstream status pull for source package kde-runtime > # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html > # https://bts-link-team.pages.debian.net/bts-link/ > # > user debian-bts-l...@lists.debian.org Setting user to debian-bts-l...@lists.debian.org (was debian-bts-l...@lists.debian.org). > # remote status report for #718033 (http://bugs.debian.org/718033) > # Bug title: knotify manages to change clock source of the sound card hanging > it > # * http://bugs.kde.org/show_bug.cgi?id=322900 > # * remote status changed: UNCONFIRMED -> RESOLVED > # * remote resolution changed: (?) -> WORKSFORME > # * closed upstream > tags 718033 + fixed-upstream Bug #718033 [kde-runtime] knotify manages to change clock source of the sound card hanging it Added tag(s) fixed-upstream. > usertags 718033 - status-UNCONFIRMED Usertags were: status-UNCONFIRMED. Usertags are now: . > usertags 718033 + status-RESOLVED resolution-WORKSFORME There were no usertags set. Usertags are now: status-RESOLVED resolution-WORKSFORME. > # remote status report for #757368 (http://bugs.debian.org/757368) > # Bug title: kde-runtime: With homedirs on NFS, KDE complains about removed > sound devices when logging into different hardware > # * http://bugs.kde.org/show_bug.cgi?id=218533 > # * remote status changed: UNCONFIRMED -> NEEDSINFO > # * remote resolution changed: (?) -> WAITINGFORINFO > usertags 757368 - status-UNCONFIRMED Usertags were: status-UNCONFIRMED. Usertags are now: . > usertags 757368 + status-NEEDSINFO resolution-WAITINGFORINFO There were no usertags set. Usertags are now: status-NEEDSINFO resolution-WAITINGFORINFO. > thanks Stopping processing here. Please contact me if you need assistance. -- 718033: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718033 757368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757368 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: [bts-link] source package konqueror
Processing commands for cont...@bugs.debian.org: > # > # bts-link upstream status pull for source package konqueror > # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html > # https://bts-link-team.pages.debian.net/bts-link/ > # > user debian-bts-l...@lists.debian.org Setting user to debian-bts-l...@lists.debian.org (was debian-bts-l...@lists.debian.org). > # remote status report for #688115 (http://bugs.debian.org/688115) > # Bug title: konq-plugins: web page archiving fails on some web pages > # * http://bugs.kde.org/show_bug.cgi?id=308829 > # * remote status changed: UNCONFIRMED -> RESOLVED > # * remote resolution changed: (?) -> WORKSFORME > # * closed upstream > tags 688115 + fixed-upstream Bug #688115 [konq-plugins] konq-plugins: web page archiving fails on some web pages Added tag(s) fixed-upstream. > usertags 688115 - status-UNCONFIRMED Usertags were: status-UNCONFIRMED. Usertags are now: . > usertags 688115 + status-RESOLVED resolution-WORKSFORME There were no usertags set. Usertags are now: resolution-WORKSFORME status-RESOLVED. > # remote status report for #690825 (http://bugs.debian.org/690825) > # Bug title: konqueror > # * http://bugs.kde.org/show_bug.cgi?id=308584 > # * remote status changed: UNCONFIRMED -> NEEDSINFO > # * remote resolution changed: (?) -> WAITINGFORINFO > usertags 690825 - status-UNCONFIRMED Usertags were: status-UNCONFIRMED. Usertags are now: . > usertags 690825 + status-NEEDSINFO resolution-WAITINGFORINFO There were no usertags set. Usertags are now: resolution-WAITINGFORINFO status-NEEDSINFO. > thanks Stopping processing here. Please contact me if you need assistance. -- 688115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688115 690825: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690825 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: [bts-link] source package kde-workspace
Processing commands for cont...@bugs.debian.org: > # > # bts-link upstream status pull for source package kde-workspace > # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html > # https://bts-link-team.pages.debian.net/bts-link/ > # > user debian-bts-l...@lists.debian.org Setting user to debian-bts-l...@lists.debian.org (was debian-bts-l...@lists.debian.org). > # remote status report for #630617 (http://bugs.debian.org/630617) > # Bug title: klipper: Klipper icon not appearing in system tray > # * http://bugs.kde.org/show_bug.cgi?id=310455 > # * remote status changed: UNCONFIRMED -> RESOLVED > # * remote resolution changed: (?) -> WORKSFORME > # * closed upstream > tags 630617 + fixed-upstream Bug #630617 [klipper] klipper: Klipper icon not appearing in system tray Added tag(s) fixed-upstream. > usertags 630617 - status-UNCONFIRMED Usertags were: status-UNCONFIRMED. Usertags are now: . > usertags 630617 + status-RESOLVED resolution-WORKSFORME There were no usertags set. Usertags are now: resolution-WORKSFORME status-RESOLVED. > thanks Stopping processing here. Please contact me if you need assistance. -- 630617: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630617 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[bts-link] source package kde-workspace
# # bts-link upstream status pull for source package kde-workspace # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html # https://bts-link-team.pages.debian.net/bts-link/ # user debian-bts-l...@lists.debian.org # remote status report for #630617 (http://bugs.debian.org/630617) # Bug title: klipper: Klipper icon not appearing in system tray # * http://bugs.kde.org/show_bug.cgi?id=310455 # * remote status changed: UNCONFIRMED -> RESOLVED # * remote resolution changed: (?) -> WORKSFORME # * closed upstream tags 630617 + fixed-upstream usertags 630617 - status-UNCONFIRMED usertags 630617 + status-RESOLVED resolution-WORKSFORME thanks
[bts-link] source package kmplot
# # bts-link upstream status pull for source package kmplot # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html # https://bts-link-team.pages.debian.net/bts-link/ # user debian-bts-l...@lists.debian.org # remote status report for #683855 (http://bugs.debian.org/683855) # Bug title: incorrect extrema for second derivative - shows zero crossings # * http://bugs.kde.org/show_bug.cgi?id=304574 # * remote status changed: UNCONFIRMED -> NEEDSINFO # * remote resolution changed: (?) -> WAITINGFORINFO usertags 683855 - status-UNCONFIRMED usertags 683855 + status-NEEDSINFO resolution-WAITINGFORINFO thanks
[bts-link] source package k3b
# # bts-link upstream status pull for source package k3b # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html # https://bts-link-team.pages.debian.net/bts-link/ # user debian-bts-l...@lists.debian.org # remote status report for #574543 (http://bugs.debian.org/574543) # Bug title: k3b: K3B fails to register any writable DVD-RAM devices, even though wodim does so easily. # * http://bugs.kde.org/show_bug.cgi?id=243635 # * remote status changed: UNCONFIRMED -> NEEDSINFO # * remote resolution changed: (?) -> WAITINGFORINFO usertags 574543 - status-UNCONFIRMED usertags 574543 + status-NEEDSINFO resolution-WAITINGFORINFO # remote status report for #616020 (http://bugs.debian.org/616020) # Bug title: k3b: Overwriting of an used BD-RE with burning iso image not allowed. Empty media needed. # * http://bugs.kde.org/show_bug.cgi?id=267543 # * remote status changed: UNCONFIRMED -> NEEDSINFO # * remote resolution changed: (?) -> WAITINGFORINFO usertags 616020 - status-UNCONFIRMED usertags 616020 + status-NEEDSINFO resolution-WAITINGFORINFO thanks
[bts-link] source package kde-runtime
# # bts-link upstream status pull for source package kde-runtime # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html # https://bts-link-team.pages.debian.net/bts-link/ # user debian-bts-l...@lists.debian.org # remote status report for #718033 (http://bugs.debian.org/718033) # Bug title: knotify manages to change clock source of the sound card hanging it # * http://bugs.kde.org/show_bug.cgi?id=322900 # * remote status changed: UNCONFIRMED -> RESOLVED # * remote resolution changed: (?) -> WORKSFORME # * closed upstream tags 718033 + fixed-upstream usertags 718033 - status-UNCONFIRMED usertags 718033 + status-RESOLVED resolution-WORKSFORME # remote status report for #757368 (http://bugs.debian.org/757368) # Bug title: kde-runtime: With homedirs on NFS, KDE complains about removed sound devices when logging into different hardware # * http://bugs.kde.org/show_bug.cgi?id=218533 # * remote status changed: UNCONFIRMED -> NEEDSINFO # * remote resolution changed: (?) -> WAITINGFORINFO usertags 757368 - status-UNCONFIRMED usertags 757368 + status-NEEDSINFO resolution-WAITINGFORINFO thanks
[bts-link] source package konqueror
# # bts-link upstream status pull for source package konqueror # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html # https://bts-link-team.pages.debian.net/bts-link/ # user debian-bts-l...@lists.debian.org # remote status report for #688115 (http://bugs.debian.org/688115) # Bug title: konq-plugins: web page archiving fails on some web pages # * http://bugs.kde.org/show_bug.cgi?id=308829 # * remote status changed: UNCONFIRMED -> RESOLVED # * remote resolution changed: (?) -> WORKSFORME # * closed upstream tags 688115 + fixed-upstream usertags 688115 - status-UNCONFIRMED usertags 688115 + status-RESOLVED resolution-WORKSFORME # remote status report for #690825 (http://bugs.debian.org/690825) # Bug title: konqueror # * http://bugs.kde.org/show_bug.cgi?id=308584 # * remote status changed: UNCONFIRMED -> NEEDSINFO # * remote resolution changed: (?) -> WAITINGFORINFO usertags 690825 - status-UNCONFIRMED usertags 690825 + status-NEEDSINFO resolution-WAITINGFORINFO thanks
[bts-link] source package marble
# # bts-link upstream status pull for source package marble # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html # https://bts-link-team.pages.debian.net/bts-link/ # user debian-bts-l...@lists.debian.org # remote status report for #731733 (http://bugs.debian.org/731733) # Bug title: marble-data: OSM license has been changed quite a while ago # * http://bugs.kde.org/show_bug.cgi?id=337845 # * remote status changed: UNCONFIRMED -> NEEDSINFO # * remote resolution changed: (?) -> WAITINGFORINFO usertags 731733 - status-UNCONFIRMED usertags 731733 + status-NEEDSINFO resolution-WAITINGFORINFO # remote status report for #766024 (http://bugs.debian.org/766024) # Bug title: marble: South Sudan not marked on "Political Map" # * http://bugs.kde.org/show_bug.cgi?id=307263 # * remote status changed: UNCONFIRMED -> NEEDSINFO # * remote resolution changed: (?) -> WAITINGFORINFO usertags 766024 - status-UNCONFIRMED usertags 766024 + status-NEEDSINFO resolution-WAITINGFORINFO thanks
Bug#913595: CVE-2018-19120: kio-extras: HTML Thumbnailer automatic remote file access
Package: kio-extras Version: 4:18.08.1-1 Severity: important Tags: security Dear Maintainer, "KDE Project Security Advisory: kio-extras: HTML Thumbnailer automatic remote file access" (Message-ID: <5460566.RsyoOK3lV2@xps>, for some reason the mailing list archives are for subscribers only) mentions that 'htmlthumbnail.so' accesses content from remote files in HTML files to thumbnail. It has been assigned CVE number CVE-2018-19120. KDE developers removed the HTML thumbnailer for KDE Applications 18.12. Work-around is to remove /usr/lib/x86_64-linux-gnu/qt5/plugins/htmlthumbnail.so The announcement should be accessible to the public on https://www.kde.org/announcements/ soon. Thanks, Martin -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-tp520 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages kio-extras depends on: ii kio 5.51.0-1 ii kio-extras-data 4:18.08.1-1 ii libc62.27-8 ii libgcc1 1:8.2.0-9 ii libkf5activities55.51.0-1 ii libkf5archive5 5.51.0-1 ii libkf5bookmarks5 5.51.0-1 ii libkf5codecs55.51.0-1 ii libkf5configcore55.51.0-1 ii libkf5configgui5 5.51.0-1 ii libkf5configwidgets5 5.51.0-1 ii libkf5coreaddons55.51.0-1 ii libkf5dbusaddons55.51.0-1 ii libkf5dnssd5 5.51.0-1 ii libkf5guiaddons5 5.51.0-1 ii libkf5i18n5 5.51.0-1 ii libkf5iconthemes55.51.0-1 ii libkf5khtml5 5.51.0-1 ii libkf5kiocore5 5.51.0-1 ii libkf5kiofilewidgets55.51.0-1 ii libkf5kiowidgets55.51.0-1 ii libkf5parts5 5.51.0-1 ii libkf5pty5 5.51.0-1 ii libkf5service-bin5.51.0-1 ii libkf5service5 5.51.0-1 ii libkf5solid5 5.51.0-1 ii libkf5xmlgui55.51.0-1 ii libmtp9 1.1.13-1 ii libopenexr23 2.2.1-4 ii libphonon4qt5-4 4:4.10.1-1 ii libqt5core5a 5.11.2+dfsg-4 ii libqt5dbus5 5.11.2+dfsg-4 ii libqt5gui5 5.11.2+dfsg-4 ii libqt5network5 5.11.2+dfsg-4 ii libqt5sql5 5.11.2+dfsg-4 ii libqt5svg5 5.11.2-2 ii libqt5webenginewidgets5 5.11.2+dfsg-2 ii libqt5widgets5 5.11.2+dfsg-4 ii libqt5xml5 5.11.2+dfsg-4 ii libsmbclient 2:4.9.1+dfsg-2 ii libssh-4 0.8.4-3 ii libstdc++6 8.2.0-9 ii libtag1v51.11.1+dfsg.1-0.2+b1 ii phonon4qt5 4:4.10.1-1 kio-extras recommends no packages. kio-extras suggests no packages. -- no debconf information -- debsums errors found: debsums: missing file /usr/lib/x86_64-linux-gnu/qt5/plugins/htmlthumbnail.so (from kio-extras package)
Bug#913596: CVE-2018-19120: kio-extras: HTML Thumbnailer automatic remote file access
Package: kde-runtime Version: 4:17.08.3-2 Severity: important Tags: security Dear Maintainer, "KDE Project Security Advisory: kio-extras: HTML Thumbnailer automatic remote file access" (Message-ID: <5460566.RsyoOK3lV2@xps>, for some reason the mailing list archives are for subscribers only) mentions that 'htmlthumbnail.so' accesses content from remote files in HTML files to thumbnail. It has been assigned CVE number CVE-2018-19120. KDE developers removed the HTML thumbnailer for KDE Applications 18.12. KDE advisory mentions kio-extras. I am not sure whether 'htmlthumbnail.so' from KDE SC 4 in 'kde-runtime' is also affected. If so, work-around is to remove /usr/lib/kde4/htmlthumbnail.so The announcement should be accessible to the public on https://www.kde.org/announcements/ soon. Thanks, Martin -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-tp520 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages kde-runtime depends on: ii drkonqi 5.13.4-1 ii kde-runtime-data4:17.08.3-2 ii kdelibs5-plugins4:4.14.38-2 ii libasound2 1.1.7-1 ii libattica0.40.4.2-2 ii libc6 2.27-8 ii libcanberra00.30-6 ii libexiv2-14 0.25-4 ii libgcc1 1:8.2.0-9 ii libgcrypt20 1.8.4-3 ii libgpgme++2v5 4:4.14.10-10 ii libgpgme11 1.12.0-4 ii libjpeg62-turbo 1:1.5.2-2+b1 ii libkactivities6 4:4.13.3-2 ii libkcmutils44:4.14.38-2 ii libkdeclarative54:4.14.38-2 ii libkdecore5 4:4.14.38-2 ii libkdesu5 4:4.14.38-2 ii libkdeui5 4:4.14.38-2 ii libkdewebkit5 4:4.14.38-2 ii libkdnssd4 4:4.14.38-2 ii libkemoticons4 4:4.14.38-2 ii libkfile4 4:4.14.38-2 ii libkhtml5 4:4.14.38-2 ii libkio5 4:4.14.38-2 ii libkmediaplayer44:4.14.38-2 ii libknewstuff3-4 4:4.14.38-2 ii libknotifyconfig4 4:4.14.38-2 ii libkparts4 4:4.14.38-2 ii libkpty44:4.14.38-2 ii libntrack-qt4-1 016-1.3 ii libopenexr232.2.1-4 ii libphonon4 4:4.10.1-1 ii libplasma3 4:4.14.38-2 ii libpulse-mainloop-glib0 12.2-2 ii libpulse0 12.2-2 ii libqt4-dbus 4:4.8.7+dfsg-17 ii libqt4-declarative 4:4.8.7+dfsg-17 ii libqt4-network 4:4.8.7+dfsg-17 ii libqt4-script 4:4.8.7+dfsg-17 ii libqt4-svg 4:4.8.7+dfsg-17 ii libqt4-xml 4:4.8.7+dfsg-17 ii libqtcore4 4:4.8.7+dfsg-17 ii libqtgui4 4:4.8.7+dfsg-17 ii libqtwebkit42.3.4.dfsg-10 ii libsmbclient2:4.9.1+dfsg-2 ii libsolid4 4:4.14.38-2 ii libssh-gcrypt-4 0.8.4-3 ii libstdc++6 8.2.0-9 ii libwebp60.6.1-2 ii libx11-62:1.6.7-1 ii libxcursor1 1:1.1.15-1 ii oxygen-icon-theme 5:5.51.0-1 ii phonon 4:4.10.1-1 ii plasma-scriptengine-javascript 4:17.08.3-2 Versions of packages kde-runtime recommends: ii icoutils 0.32.3-2 pn libcanberra-pulse | libcanberra-gstreamer ii sound-theme-freedesktop0.8-2 ii udisks22.8.1-2 ii upower 0.99.9-1 Versions of packages kde-runtime suggests: pn djvulibre-bin ii finger 0.17-15.1 -- no debconf information -- debsums errors found: debsums: missing file /usr/lib/kde4/htmlthumbnail.so (from kde-runtime package)
Bug#913596: Link to KDE security advisory
It is not on the announcement page, but on the KDE security advisories page: https://www.kde.org/info/security/advisory-20181012-1.txt Thanks, -- Martin
Processed: tagging 913595
Processing commands for cont...@bugs.debian.org: > tags 913595 + upstream Bug #913595 [kio-extras] CVE-2018-19120: kio-extras: HTML Thumbnailer automatic remote file access Added tag(s) upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 913595: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913595 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 913596
Processing commands for cont...@bugs.debian.org: > tags 913596 + upstream Bug #913596 [kde-runtime] CVE-2018-19120: kio-extras: HTML Thumbnailer automatic remote file access Added tag(s) upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 913596: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913596 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#913595: marked as done (CVE-2018-19120: kio-extras: HTML Thumbnailer automatic remote file access)
Your message dated Mon, 12 Nov 2018 22:50:02 + with message-id and subject line Bug#913595: fixed in kio-extras 4:18.08.3-1 has caused the Debian Bug report #913595, regarding CVE-2018-19120: kio-extras: HTML Thumbnailer automatic remote file access to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 913595: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913595 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: kio-extras Version: 4:18.08.1-1 Severity: important Tags: security Dear Maintainer, "KDE Project Security Advisory: kio-extras: HTML Thumbnailer automatic remote file access" (Message-ID: <5460566.RsyoOK3lV2@xps>, for some reason the mailing list archives are for subscribers only) mentions that 'htmlthumbnail.so' accesses content from remote files in HTML files to thumbnail. It has been assigned CVE number CVE-2018-19120. KDE developers removed the HTML thumbnailer for KDE Applications 18.12. Work-around is to remove /usr/lib/x86_64-linux-gnu/qt5/plugins/htmlthumbnail.so The announcement should be accessible to the public on https://www.kde.org/announcements/ soon. Thanks, Martin -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-tp520 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages kio-extras depends on: ii kio 5.51.0-1 ii kio-extras-data 4:18.08.1-1 ii libc62.27-8 ii libgcc1 1:8.2.0-9 ii libkf5activities55.51.0-1 ii libkf5archive5 5.51.0-1 ii libkf5bookmarks5 5.51.0-1 ii libkf5codecs55.51.0-1 ii libkf5configcore55.51.0-1 ii libkf5configgui5 5.51.0-1 ii libkf5configwidgets5 5.51.0-1 ii libkf5coreaddons55.51.0-1 ii libkf5dbusaddons55.51.0-1 ii libkf5dnssd5 5.51.0-1 ii libkf5guiaddons5 5.51.0-1 ii libkf5i18n5 5.51.0-1 ii libkf5iconthemes55.51.0-1 ii libkf5khtml5 5.51.0-1 ii libkf5kiocore5 5.51.0-1 ii libkf5kiofilewidgets55.51.0-1 ii libkf5kiowidgets55.51.0-1 ii libkf5parts5 5.51.0-1 ii libkf5pty5 5.51.0-1 ii libkf5service-bin5.51.0-1 ii libkf5service5 5.51.0-1 ii libkf5solid5 5.51.0-1 ii libkf5xmlgui55.51.0-1 ii libmtp9 1.1.13-1 ii libopenexr23 2.2.1-4 ii libphonon4qt5-4 4:4.10.1-1 ii libqt5core5a 5.11.2+dfsg-4 ii libqt5dbus5 5.11.2+dfsg-4 ii libqt5gui5 5.11.2+dfsg-4 ii libqt5network5 5.11.2+dfsg-4 ii libqt5sql5 5.11.2+dfsg-4 ii libqt5svg5 5.11.2-2 ii libqt5webenginewidgets5 5.11.2+dfsg-2 ii libqt5widgets5 5.11.2+dfsg-4 ii libqt5xml5 5.11.2+dfsg-4 ii libsmbclient 2:4.9.1+dfsg-2 ii libssh-4 0.8.4-3 ii libstdc++6 8.2.0-9 ii libtag1v51.11.1+dfsg.1-0.2+b1 ii phonon4qt5 4:4.10.1-1 kio-extras recommends no packages. kio-extras suggests no packages. -- no debconf information -- debsums errors found: debsums: missing file /usr/lib/x86_64-linux-gnu/qt5/plugins/htmlthumbnail.so (from kio-extras package) --- End Message --- --- Begin Message --- Source: kio-extras Source-Version: 4:18.08.3-1 We believe that the bug you reported is fixed in the latest version of kio-extras, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 913...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pino Toscano (supplier of updated kio-extras package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 12 Nov 2018 23:27:05 +0100 Source: kio-extras Binary: kio-extras kio-extras-data Architecture: source Version: 4:18.08.3-
Processing of kio-extras_18.08.3-1_source.changes
kio-extras_18.08.3-1_source.changes uploaded successfully to localhost along with the files: kio-extras_18.08.3-1.dsc kio-extras_18.08.3.orig.tar.xz kio-extras_18.08.3.orig.tar.xz.asc kio-extras_18.08.3-1.debian.tar.xz kio-extras_18.08.3-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
kio-extras_18.08.3-1_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 12 Nov 2018 23:27:05 +0100 Source: kio-extras Binary: kio-extras kio-extras-data Architecture: source Version: 4:18.08.3-1 Distribution: unstable Urgency: medium Maintainer: Debian/Kubuntu Qt/KDE Maintainers Changed-By: Pino Toscano Description: kio-extras - Extra functionality for kioslaves. kio-extras-data - Extra functionality for kioslaves data files. Closes: 913595 Changes: kio-extras (4:18.08.3-1) unstable; urgency=medium . * Team upload. * New upstream release. * Disable the HTML thumbnailer: (CVE-2018-19120) (Closes: #913595) - remove the qtwebengine5-dev build dependency Checksums-Sha1: 37057c0953edf643d191031b93d90b443f9159a3 3139 kio-extras_18.08.3-1.dsc 95df9a451ea50563cc9279db985285e7b513c7c2 552044 kio-extras_18.08.3.orig.tar.xz 77f8db1aade408cf138cae3c121fb149eed65858 774 kio-extras_18.08.3.orig.tar.xz.asc c07bb482f2d748cdef9f183d1f27f5b8e67d40ab 13656 kio-extras_18.08.3-1.debian.tar.xz 17eeada9a352619d8b317c8fb57a458ed8cad9ae 20353 kio-extras_18.08.3-1_source.buildinfo Checksums-Sha256: 7b5693535166ff3b271864ed305e3fdaf9a23910496dd09e257e9a43f1918c6f 3139 kio-extras_18.08.3-1.dsc 450d69b16a873da51190c9397b2b0ecb08bc0dcae0d2a07f7ab1d2efcd02c280 552044 kio-extras_18.08.3.orig.tar.xz bf3825e7254d8534e234005dc571b1d4796ef860f1c01936a4fd142c4d59781a 774 kio-extras_18.08.3.orig.tar.xz.asc 92e754e1a1968b0686361871b14a61fcf3ace93ada8e7865f91db6151230799b 13656 kio-extras_18.08.3-1.debian.tar.xz a58c84ee4c1f5dca678c040c1c55445def9c959efbf1ae1827b7e149c15b3e86 20353 kio-extras_18.08.3-1_source.buildinfo Files: c35e1753d595a90b5de3ad21c00b8324 3139 kde optional kio-extras_18.08.3-1.dsc 2a34d890b3b6d6ea52ae9ac8023816fa 552044 kde optional kio-extras_18.08.3.orig.tar.xz 0680f6f7f1b0c399cef82a4cab9acc7a 774 kde optional kio-extras_18.08.3.orig.tar.xz.asc d16d8785703fee243382d613b330a9ed 13656 kde optional kio-extras_18.08.3-1.debian.tar.xz 52e5cd90123233c64bd3eb1dc38e8dc0 20353 kde optional kio-extras_18.08.3-1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEXyqfuC+mweEHcAcHLRkciEOxP00FAlvp/nUACgkQLRkciEOx P02gRQ//dDfW/z5mlMMVwn8Hsz/MAx5Hopmtb8mJEVS490+eJToC/acx4BoqoQAM GcixrSmkXcDf77yB7ZxGS8VI7r8kQ0b+TRenCUvd1ICEug9eWfE7b//ywEBrQPCv m4OK1dEQBvizPwoPE59MHrcMVWolt/092U3eaokNJcVy5625bQdSq9KXkVf0rTuY ibG1TsH9j4urmyXWCfkkE4GqlBQsia57qygccSpGLRvaPfJ/tf+sG3bZ+i/+NmCZ MNH1IVpUbHtn2umFSvmnwB3ciPJMiBNKYCuZ4hAevkXetb73M6gmL+MJu/Xd6fFn YwyB1p2lnsF6tzV7XvSBvvdR1d+gnyYhCVA25mcdahfEiSD2nMXNWYNSjUHaY/GE MEaEPjcULfhxuivzkT7tPaocy6/CHNCigR/RPzCvFxvwp5yZmMRyMaH86M4kFt+K IM4t8FlefDxVf43N3u1EPzhbK2weQpHUS7br/xYpXH4PML+3ONGSimxwOCcxooSZ 7nxjbeUPXK5klRUualn7uvWiTQVY78Hpd/DD69G+Bw/CBUDrZ9jANLqSEA07Chyz hub9ax4Y8Mp1iIyWtlKh8xPD/6vZoJU8Ghu3dDi0qikqSaH+MobJQ+bK52o9SKM+ 9NTfJYzIRm3IWzRA8aH/vefN++OSiuqDGBFGe/aovmlfq60VKbs= =g8IV -END PGP SIGNATURE- Thank you for your contribution to Debian.
