[SECURITY] Fedora 11 Update: kdelibs-4.3.1-3.fc11

updates at fedoraproject.org updates at fedoraproject.org
Tue Sep 15 07:39:23 UTC 2009 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9397
2009-09-09 00:46:12
--------------------------------------------------------------------------------

Name        : kdelibs
Product     : Fedora 11
Version     : 4.3.1
Release     : 3.fc11
URL         : http://www.kde.org/
Summary     : K Desktop Environment 4 - Libraries
Description :
Libraries for the K Desktop Environment 4.

--------------------------------------------------------------------------------
Update Information:

This updates KDE to 4.3.1, the latest upstream bugfix release. The main
improvements are:  * KDE 4.3 is now also available in Croatian.  * A crash when
editing toolbar setup has been fixed.  * Support for transferring files through
SSH using KIO::Fish has been fixed.  * A number of bugs in KWin, KDE's window
and compositing manager has been fixed.  * A large number of bugs in KMail,
KDE's email client are now gone.    See
http://kde.org/announcements/announce-4.3.1.php for more information.    In
addition, this update:  * fixes a potential security issue (CVE-2009-2702) with
certificate validation in the KIO KSSL code. It is believed that the affected
code is not actually used (the code in Qt, for which a security update was
already issued, is) and thus the issue is only potential, but KSSL is being
patched just in case,  * splits PolicyKit-kde out of kdebase-workspace again to
avoid forcing it onto GNOME-based setups, where PolicyKit-gnome is desired
instead (#519654).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep  4 2009 Than Ngo <than at redhat.com> - 4.3.1-3
- security fix for -CVE-2009-2702
* Wed Sep  2 2009 Ben Boeckel <MathStuf at gmail.com> - 4.3.1-2
- Patch for kde#160679
* Fri Aug 28 2009 Than Ngo <than at redhat.com> - 4.3.1-1
- 4.3.1
- openssl-1.0 build fixes
* Wed Aug 26 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.3.0-8
- BR: xz-devel
* Sun Aug 23 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.3.0-7
- buildsys_phonon patch (to be compatible with newer kde-qt.git qt builds)
* Wed Aug 19 2009 Lukáš Tinkl <ltinkl at redhat.com> - 4.3.0-6
- fix crash when editting toolbars (kdebug:200815)
* Tue Aug 18 2009 Lukáš Tinkl <ltinkl at redhat.com> - 4.3.0.5
- fix KDE bug #19538, copy file after rename uses old file name
* Mon Aug 17 2009 Lukáš Tinkl <ltinkl at redhat.com> - 4.3.0-4
- fix unmounting devices
- fix copying URLs to clipboard (kdebug:170608)
* Fri Aug 14 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.3.0-3
- kde4.(sh|csh): drop KDE_IS_PRELINKED for now (workaround bug #515539)
* Wed Aug  5 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.3.0-2
- microblog crashes plasma on show friends toggle (kdebug#202550)
- khtml crasher (kdebug#199557)
* Thu Jul 30 2009 Than Ngo <than at redhat.com> - 4.3.0-1
- 4.3.0
* Wed Jul 29 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.2.98-4
- -devel: Conflicts: kdebase-runtime < 4.2.90, kdebase-workspace-devel < 4.2.90
* Sun Jul 26 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.2.98-3
- fix CVE-2009-2537 - select length DoS
- fix CVE-2009-1725 - crash, possible ACE in numeric character references
- fix CVE-2009-1687 - possible ACE in KJS (FIXME: now aborts, so still crashes)
- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
- fix minimum strigi version (0.7, not 0.7.0, RPM thinks 0.7 < 0.7.0)
* Fri Jul 24 2009 Lukáš Tinkl <ltinkl at redhat.com> - 4.2.98-2
- respun tarball, to fix KIO HTTP redirects
- fix phonon/strigi versions
* Wed Jul 22 2009 Than Ngo <than at redhat.com> - 4.2.98-1
- 4.3rc3
* Thu Jul 16 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.2.96-2
- soprano_ver 2.3.0
- License: LGPLv2+
* Fri Jul 10 2009 Than Ngo <than at redhat.com> - 4.2.96-1
- 4.3rc2
* Wed Jul  8 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.2.95-4
- fix CMake dependency in parallel_devel patch (#510259, CHIKAMA Masaki)
* Fri Jul  3 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.2.95-3
- plasma animation crasher (kdebug#198338)
* Fri Jul  3 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.2.95-2
- up min versions, phonon, strigi, soprano (#509511)
* Thu Jun 25 2009 Than Ngo <than at redhat.com> - 4.2.95-1
- 4.3 rc1
* Wed Jun  3 2009 Rex Dieter <rdieter at fedoraproject.org> 4.2.90-1
- KDE-4.3 beta2 (4.2.90)
* Tue May 12 2009 Than Ngo <than at redhat.com> 4.2.85-1
- KDE-4.3 beta1 (4.2.85)
- kde4.(sh|csh): drop QT_PLUGINS_PATH munging, kde4-config call (#498809)
* Wed Apr 29 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.2.2-14
- -devel: Provides: kdelibs4-devel%{?_isa} ...
* Tue Apr 28 2009 Lukáš Tinkl <ltinkl at redhat.com> - 4.2.2-13
- upstream patch to fix GCC4.4 crashes in kjs
  (kdebug:189809)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #520661 - CVE-2009-2702 kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName
        https://bugzilla.redhat.com/show_bug.cgi?id=520661
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kdelibs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list