Bug#306088: kdebase-bin: Rename xxxxconfig utilities to more consistent xxxx-config
Package: kdebase-bin Version: 4:3.3.2-1 Severity: minor It would be good if kde utilities used the same naming as other configuration tools, as in apt-config, audiofile-config, esd-config SUGGESTION Rename following /usr/bin/ programs: kwriteconfig = kwrite-config kreadconfig = kread-config -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.11-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US) Versions of packages kdebase-bin depends on: ii kdelibs4 4:3.3.2-4.0.2 KDE core libraries ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libc62.3.2.ds1-21GNU C Library: Shared libraries an ii libfam0c102 2.7.0-6 client library to control the FAM ii libgcc1 1:3.4.3-12 GCC support library ii libice6 4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library ii libidn11 0.5.13-1.0 GNU libidn library, implementation ii libpam-runtime 0.76-22 Runtime support for the PAM librar ii libpam0g 0.76-22 Pluggable Authentication Modules l ii libpng12-0 1.2.8rel-1 PNG library - runtime ii libqt3c102-mt3:3.3.4-3 Qt GUI Library (Threaded runtime v ii libsm6 4.3.0.dfsg.1-12.0.1 X Window System Session Management ii libstdc++5 1:3.3.5-12 The GNU Standard C++ Library v3 ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li ii libxext6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte ii libxrender1 0.8.3-7 X Rendering Extension client libra ii libxtst6 4.3.0.dfsg.1-12.0.1 X Window System event recording an ii xlibs4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-4 compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#304465: KDE advisory
There now has been an official KDE advisory for this as well. Please refer to CAN-2005-1046 when fixing this. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#306144: kitchensync: Kitchensync headers missing
Package: kitchensync Version: 4:3.3.2-3 Severity: normal Kitchensync headers are neither part of the kitchensync or kdepim-dev packages. I figured it out while trying to compile kdebluetooth: its configure fails to find kitchensync/konnector.h and kitchensync/syncee.h. I do not know if other files are concerned. I guess that is not normal, but since I am not a KDE/Debian expert, I may be wrong. So, sorry if that is not a bug. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: powerpc (ppc) Kernel: Linux 2.6.11 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Versions of packages kitchensync depends on: ii kdelibs44:3.3.2-4KDE core libraries ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an ii libgcc1 1:3.4.3-12 GCC support library ii libice6 6.8.2-mea1 Inter-Client Exchange library ii libkcal2a 4:3.3.2-3KDE calendaring library ii libkdepim1 4:3.3.2-3KDE PIM library ii libpng12-0 1.2.8rel-1 PNG library - runtime ii libqt3c102-mt 3:3.3.4-3Qt GUI Library (Threaded runtime v ii libsm6 6.8.2-mea1 X Window System Session Management ii libstdc++5 1:3.3.5-12 The GNU Standard C++ Library v3 ii libx11-66.8.2-mea1 X Window System protocol client li ii libxext66.8.2-mea1 X Window System miscellaneous exte ii xlibs 6.8.2-mea1 X Window System client libraries m ii zlib1g 1:1.2.2-4compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#275072: kitchensync crashes
Package: kitchensync Version: 4:3.3.2-3 Followup-For: Bug #275072 I had the same problem. Things went back to normal after I removed: ~/.kde/share/config/kresources/konnector/ ~/.kde/share/apps/kitchensync/ ~/.ked/share/config/kitchensyncrc But, of course, doing this erase any previous settings of kitchensync! Removing just the last two entries of this list did not fix the problem. I did not try just removing the first entry. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: powerpc (ppc) Kernel: Linux 2.6.11 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Versions of packages kitchensync depends on: ii kdelibs44:3.3.2-4KDE core libraries ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an ii libgcc1 1:3.4.3-12 GCC support library ii libice6 6.8.2-mea1 Inter-Client Exchange library ii libkcal2a 4:3.3.2-3KDE calendaring library ii libkdepim1 4:3.3.2-3KDE PIM library ii libpng12-0 1.2.8rel-1 PNG library - runtime ii libqt3c102-mt 3:3.3.4-3Qt GUI Library (Threaded runtime v ii libsm6 6.8.2-mea1 X Window System Session Management ii libstdc++5 1:3.3.5-12 The GNU Standard C++ Library v3 ii libx11-66.8.2-mea1 X Window System protocol client li ii libxext66.8.2-mea1 X Window System miscellaneous exte ii xlibs 6.8.2-mea1 X Window System client libraries m ii zlib1g 1:1.2.2-4compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#306171: konsole: fail to regain focus when hovering window disappear
Package: konsole Version: 4:3.3.2-1 Severity: normal *** Please type your report below this line *** The konsole program fail to regain focus when it should. I'm using the 'focus over mouse' policy. I'll try to explain the problem. I start a konsole, and use it as normal. Next, I for example start xine (or some other program, using xine as an example), and places the window over the konsole window. I place the mouse over both the xine window and the konsole window, and then press 'q' to exit xine. At this point, the focus is back in the konsole window, but it isn't accepting keypresses. I have to move the mouse out of the konsole window, and back in again, before konsole will accept keypresses. This do not happen for every film I play using xine. And it does not happen for all programs. I've been able to reproduce it using the film available from URL:http://www.nuug.no/pub/video/published/20040819-minipc-medium.mpeg. Start a konsole, run 'xine http://www.nuug.no/pub/video/published/20040819-minipc-medium.mpeg' and place the video window over the konsole. Next, press 'q' to exit xine and try to use [enter] in the konsole. It does not work. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (2100, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686 Locale: LANG=no_NO, LC_CTYPE=no_NO (charmap=ISO-8859-1) Versions of packages konsole depends on: ii kdelibs4 4:3.3.2-4.0.2 KDE core libraries ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libc62.3.2.ds1-20GNU C Library: Shared libraries an ii libfam0c102 2.7.0-6 client library to control the FAM ii libgcc1 1:3.4.3-12 GCC support library ii libice6 4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library ii libidn11 0.5.13-1.0 GNU libidn library, implementation ii libpng12-0 1.2.8rel-1 PNG library - runtime ii libqt3c102-mt3:3.3.4-2 Qt GUI Library (Threaded runtime v ii libsm6 4.3.0.dfsg.1-12.0.1 X Window System Session Management ii libstdc++5 1:3.3.5-8 The GNU Standard C++ Library v3 ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li ii libxext6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte ii libxrender1 0.8.3-7 X Rendering Extension client libra ii libxtst6 4.3.0.dfsg.1-12.0.1 X Window System event recording an ii xlibs4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-3 compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#306183: inline pgp does not work
Package: kmail Version: 4:3.4.0-0pre1 Severity: important Setting the signuature-option to Inline-OpenPGP does not work, the mails sent with this option seem so send their sigs as attachment instead of inline. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.11-laptop Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages kmail depends on: ii kdebase-kio-plugins 4:3.4.0-0pre3 core I/O slaves for KDE ii kdelibs4 4:3.4.0-0pre4 core libraries for all KDE applica ii kdepim-kio-plugins 4:3.4.0-0pre1 KDE pim I/O Slaves ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libaudio21.7-2 The Network Audio System (NAS). (s ii libc62.3.2.ds1-21GNU C Library: Shared libraries an ii libfontconfig1 2.3.1-2 generic font configuration library ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib ii libgcc1 1:3.4.3-12 GCC support library ii libice6 4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library ii libidn11 0.5.13-1.0 GNU libidn library, implementation ii libkcal2a4:3.4.0-0pre1 KDE calendaring library ii libkdepim1 4:3.4.0-0pre1 KDE PIM library ii libkleopatra0a 4:3.4.0-0pre1 KDE GnuPG interface libraries ii libkpimidentities1 4:3.4.0-0pre1 KDE PIM user identity information ii libksieve0 4:3.4.0-0pre1 KDE mail/news message filtering li ii libmimelib1a 4:3.4.0-0pre1 KDE mime library ii libpng12-0 1.2.8rel-1 PNG library - runtime ii libqt3c102-mt3:3.3.4-3 Qt GUI Library (Threaded runtime v ii libsm6 4.3.0.dfsg.1-12.0.1 X Window System Session Management ii libstdc++5 1:3.3.5-12 The GNU Standard C++ Library v3 ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li ii libxcursor1 1.1.3-1 X cursor management library ii libxext6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte ii libxft2 2.1.7-1 FreeType-based font drawing librar ii libxrandr2 4.3.0.dfsg.1-12.0.1 X Window System Resize, Rotate and ii libxrender1 0.8.3-7 X Rendering Extension client libra ii libxt6 4.3.0.dfsg.1-12.0.1 X Toolkit Intrinsics ii perl 5.8.4-8 Larry Wall's Practical Extraction ii xlibs4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-4 compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#306183: inline pgp does not work
tag 306183 experimental severity 306183 normal forwarded 306183 http://bugs.kde.org/99089 stop * Bastian Venthur [Sun, 24 Apr 2005 21:11:41 +0200]: Package: kmail Version: 4:3.4.0-0pre1 Severity: important Setting the signuature-option to Inline-OpenPGP does not work, the mails sent with this option seem so send their sigs as attachment instead of inline. OK, this bug is reported upstream already. Bastian, as indicated in the above URL, you can workaround this until it gets fixed by using kaddressbok entries. Thanks, -- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 Listening to: Vitalic - Fanfares Every program has at least one bug and can be shortened by at least one instruction -- from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: add the relevant tags for HTML Allows Spoofing of Emails Content
Processing commands for [EMAIL PROTECTED]: tags 305601 sid sarge Bug#305601: CAN-2005-0404: serious content spoofing vulnerability There were no tags set. Tags added: sid, sarge forwarded 305601 http://bugs.kde.org/show_bug.cgi?id=96020 Bug#305601: CAN-2005-0404: serious content spoofing vulnerability Noted your statement that Bug has been forwarded to http://bugs.kde.org/show_bug.cgi?id=96020. stop Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#305601: CAN-2005-0404: serious content spoofing vulnerability
severity 305601 important stop On April 20, 2005 20:34, Geoff Crompton wrote: In summary: A remote email message content spoofing vulnerability affects KDE KMail. This issue is due to a failure of the application to properly sanitize HTML email messages. An attacker may leverage this issue to spoof email content and various header fields of email messages. This may aid an attacker in conducting phishing and social engineering attacks by spoofing PGP keys as well as other critical information. securityfocus list 3.3.2 as vulnerable, which is currently in Sarge and Sid. No idea if it would affect 2.2.2 which is in Woody. See KDE bug 96020. Talking to upstream, it seems that the bug isn't quite as serious as the summary might suggest. Here's Dirk Mueller: --- It does affect kmail 3.4 the same way it affected all older versions. however, this proof of concept is pretty lame. it doesn't match the colors, the fonts or even the font sizes. of course you could theoretically tune for that. it doesn't have the usual link to the status popup though, and its clearly mentioned in several places that HTML rendering has phishing problems, and HTML rendering is *disabled* by *default* in kmail, and you get a pretty huge warning if you still enable it. anyway, the html bar also indicates that this is a spoofed message. maybe not in an obvious way. the only way we could mitigate this attack for real though is to load the actual content in a separate frame, so that it cannot paint over kmail specific HTML. This is a long term todo, and there are a few bits missing in KHTML in order to achieve that. so I'd either close it as wontfix or as duplicate, whatever you prefer. --- So it would appear that while KMail's behaviour makes phishing easier than it perhaps should be, in the real world far from a magical pass into the the user's confidence. Moreover, the only fix for the foreseeable future would be to disable HTML mail completely (it's already off by default and comes with a security warning). I don't believe that to be a reasonable course of action, as it would severely reduce KMail's usefulness for many users with only a minimal increase in theoretical security. Thus while this is an important problem, I don't feel it be in any sense release-critical. Cheers, Christopher Martin pgp7P0Q6YH60H.pgp Description: PGP signature