diff -u kdenetwork-4.4.5/debian/changelog kdenetwork-4.4.5/debian/changelog
--- kdenetwork-4.4.5/debian/changelog
+++ kdenetwork-4.4.5/debian/changelog
@@ -1,3 +1,12 @@
+kdenetwork (4:4.4.5-0ubuntu2) lucid-security; urgency=low
+
+ * SECURITY UPDATE: file name directory traversal attack (LP: #757526).
+ - Add debian/patches/kubuntu_06_kget_metalinker.diff: check if the
+ filename is well formed, without traversal opportunities.
+ - CVE-2010-1000.
+
+ -- Romain Perier Wed, 13 Apr 2011 20:03:50 +0200
+
 kdenetwork (4:4.4.5-0ubuntu1) lucid-proposed; urgency=low

 * Upload to lucid-proposed for 10.04.2 (LP: #691068)
diff -u kdenetwork-4.4.5/debian/patches/series kdenetwork-4.4.5/debian/patches/series
--- kdenetwork-4.4.5/debian/patches/series
+++ kdenetwork-4.4.5/debian/patches/series
@@ -1,0 +2 @@
+kubuntu_06_kget_metalinker.diff
only in patch2:
unchanged:
--- kdenetwork-4.4.5.orig/debian/patches/kubuntu_06_kget_metalinker.diff
+++ kdenetwork-4.4.5/debian/patches/kubuntu_06_kget_metalinker.diff
@@ -0,0 +1,19 @@
+Index: kdenetwork-4.4.5/kget/ui/metalinkcreator/metalinker.cpp
+===================================================================
+--- kdenetwork-4.4.5.orig/kget/ui/metalinkcreator/metalinker.cpp 2010-05-28 11:43:32.000000000 +0200
++++ kdenetwork-4.4.5/kget/ui/metalinkcreator/metalinker.cpp 2011-04-13 20:01:14.875423015 +0200
+@@ -583,7 +583,13 @@
+ return false;
+ }
+
+- if (name.contains(QRegExp("$(\\.\\.?)?/")) || name.contains("/../") || name.endsWith("/..")) {
++ if (name.endsWith('/')) {
++ kError(5001) << "Name attribute of Metalink::File does not contain a file name:" << name;
++ return false;
++ }
++
++ const QStringList components = name.split('/');
++ if (name.startsWith('/') || components.contains("..") || components.contains(".")) {
+ kError(5001) << "Name attribute of Metalink::File contains directory traversal directives:" << name;
+ return false;
+ }
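Review bot: The new component check in metalinker.cpp (`name.split('/')` followed by `components.contains("..")`) recognises only `/` as a separator, so it gives no protection on a build whose platform also treats a backslash as a path separator; if KGet is built for such a platform, splitting on both, e.g. `name.split(QRegExp("[/\\\\]"))`, would close that gap. The added lines also carry no comment stating what a valid name is; a line such as `// A valid name is relative, ends in a file name and has no "." or ".." component` above the first check would record the rule that the old regular expression obscured. The enclosing function starts and ends outside this hunk, so whether an empty name is already rejected by the earlier `return false` cannot be seen here. Because this is a purely syntactic filter, the code that joins the name onto the download directory should, as defence in depth, still confirm that the resolved path stays inside that directory.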