Bug#291251: CAN-2005-0064: Arbitrary code execution in kpdf

2005-01-19 Thread Martin Schulze
Package: kpdf
Severity: grave
Tags: security sarge sid
This problem also affects kpdf:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
Reference: IDEFENSE:20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow
Reference: URL:http://www.idefense.com/application/po

Bug#293754: kleopatra does not install

2005-02-05 Thread Martin Schulze
Package: kleopatra
Version: 3.3.1-3
Tags: sid sarge
Severity: serious
The package should at least be installable when it is in the Debian archive, even if it is a contrib package.
# apt-get install kleopatra
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be

Bug#294896: CAN-2005-0365: insecure temporary file creation in kdelibs 3.3.2

2005-02-11 Thread Martin Schulze
Package: kdelibs
Version: 3.2.3-3.sarge.2 3.3.2-1
Severity: grave
Tags: security sarge sid patch
Please
 . update the package in sid
 . mention the CVE id from the subject in the changelog
 . use priority=high
 . you probably need to upload into testing-proposed-updates as well
Regards,

CAN-2005-0404: information leak in kmail

2005-04-13 Thread Martin Schulze
Please make sure a correction to this makes it into sarge.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0404
Reference: MLIST:[kmail-devel] 20050215 [Bug 96020] HTML Allows Spoofing of Emails Content
Reference: URL:http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html
Re

xpdf bugs in koffice

2006-01-11 Thread Martin Schulze
/xpdf/xpdf/JBIG2Stream.cc, +filters/kword/pdf/xpdf/xpdf/Stream.cc, +filters/kword/pdf/xpdf/xpdf/Stream.h, CVE-2005-3191, CVE-2005-3193, +ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch] + + -- Martin Schulze <[EMAIL PROTECTED]> Wed, 21 Dec 2005 10:30:53 +0100 + koffice (1:1.3.5-4.sarge.1

Re: qtpfsgui for Debian

2007-10-30 Thread Martin Schulze
Sune Vuorela wrote:
> On Tuesday 30 October 2007, Joey Schulze wrote:
> > For a friend I've just installed qtpfsgui on etch and wonder if there are
> > plans to include this package in sid->lenny already?
>
> Hi!
>
> We have currently no plans to package it, so you are most welcome to package
>

Bug#278173: kpdf: CAN-2004-0888: arbitrary code execution

2004-10-25 Thread Martin Schulze
Package: kpdf
Version: 3.3.0-2
Severity: critical
Tags: security, sid, sarge
Please see DSA 573
http://www.kde.org/info/security/advisory-20041021-1.txt
I can provide a patch for xpdf if that's required, contact me privately.
Regards,
Joey
--
There are lies, statistics and benchmarks.

KDE Security Advisory: URI Handler Vulnerabilities

2004-05-17 Thread Martin Schulze
Hi, could you tell me which version of kdelibs, kdenetwork (or another package if another one is affected) fixes this problem in unstable? http://www.kde.org/info/security/advisory-20040517-1.txt If you apply the patch, please mention CAN-2004-0411 in the changelog file so we can easier track th

Bug#268016: [CAN-2004-0746] Konqueror Cross-Domain Cookie Injection

2004-08-25 Thread Martin Schulze
Package: konqueror
Version: 3.2.3-1
Severity: grave
Tags: security upstream sarge
Web sites operating under the affected domains can set HTTP cookies in such a way that the Konqueror web browser will send them to all other web sites operating under the same domain.

Bug#287201: [patch] KDE ftp kioslave applies to woody as well

2005-01-06 Thread Martin Schulze
Moritz Muehlenhoff wrote: > Hi, > this applies to woody as well. Attached you can find the backported upstream > patch against 2.2.2. BTW, this is CAN-2004-1165. > > Cheers, > Moritz > diff -Naur kdelibs-2.2.2.orig/kio/ftp/ftp.cc kdelibs-2.2.2/kio/ftp/ftp.cc > --- kdelibs-2.2.2.orig/kio/f

Bug#287201: [patch] KDE ftp kioslave applies to woody as well

2005-01-07 Thread Martin Schulze
Adeodato Simó wrote:
> * Martin Schulze [Thu, 06 Jan 2005 16:49:21 +0100]:
>
> > Please
> > . update the package in sid
> > . mention the CVE id from the subject in the changelog
> > . tell me the version number of the fixed package
> > . use priority=high

CAN-2005-1920: information leak in kate / kwrite

2005-07-23 Thread Martin Schulze
Hi, did you notice ? I'm building an update for sarge now. Can you tell me which version of the package will have the fix included in sid? Regards, Joey -- Long noun chains don't automatically imply security. -- Bruce Schneie

Bug#325254: kdegraphics packages broken on sarge/powerpc because of kdelibs4 dependency

2005-08-27 Thread Martin Schulze
Adeodato Simó wrote:
> severity 325254 serious
> reassign 325254 kdegraphics,security.debian.org
> retitle 325254 kdegraphics 3.3.2-2sarge1/powerpc uninstallable because of
> dependency on kdelibs4 (>= 4:3.3.2-6.2)
> notfound 325254 4:3.3.2-2
> found 325254 4:3.3.2-2sarge1
> thanks
>
> * Jochen A