diff -Nru kdenetwork-4.5.1/debian/changelog kdenetwork-4.5.1/debian/changelog
--- kdenetwork-4.5.1/debian/changelog	2010-11-17 21:57:27.000000000 +0100
+++ kdenetwork-4.5.1/debian/changelog	2011-04-13 19:37:10.000000000 +0200
@@ -1,3 +1,12 @@
+kdenetwork (4:4.5.1-0ubuntu2.2) maverick-security; urgency=low
+
+  * SECURITY UPDATE: file name directory traversal attack (LP: #757526).
+    - Add debian/patches/kubuntu_06_kget_metalinker.diff: check if the
+      filename is well formed, without traversal opportunities.
+    - CVE-2010-1000.
+
+ -- Romain Perier <romain.perier@gmail.com>  Wed, 13 Apr 2011 19:36:45 +0200
+
 kdenetwork (4:4.5.1-0ubuntu2.1) maverick-proposed; urgency=low
 
   * Add kubuntu_05_fix_icq.diff transiting from old login.oscar.aol.com to new
diff -Nru kdenetwork-4.5.1/debian/patches/kubuntu_06_kget_metalinker.diff kdenetwork-4.5.1/debian/patches/kubuntu_06_kget_metalinker.diff
--- kdenetwork-4.5.1/debian/patches/kubuntu_06_kget_metalinker.diff	1970-01-01 01:00:00.000000000 +0100
+++ kdenetwork-4.5.1/debian/patches/kubuntu_06_kget_metalinker.diff	2011-04-11 21:28:25.000000000 +0200
@@ -0,0 +1,25 @@
+author: Matthias Fuchs <mat69@gmx.net>
+commit: r1227469
+
+Further addresses CVE-2010-1000.
+The file name of Metalink File is checked a better way, making it work under more conditions.
+
+Index: kdenetwork-4.5.1/kget/ui/metalinkcreator/metalinker.cpp
+===================================================================
+--- kdenetwork-4.5.1.orig/kget/ui/metalinkcreator/metalinker.cpp	2010-05-16 22:04:17.000000000 +0200
++++ kdenetwork-4.5.1/kget/ui/metalinkcreator/metalinker.cpp	2011-04-11 21:28:20.566250806 +0200
+@@ -583,7 +583,13 @@
+         return false;
+     }
+ 
+-    if (name.contains(QRegExp("$(\\.\\.?)?/")) || name.contains("/../") || name.endsWith("/..")) {
++    if (name.endsWith('/')) {
++        kError(5001) << "Name attribute of Metalink::File does not contain a file name:" << name;
++        return false;
++    }
++
++    const QStringList components = name.split('/');
++    if (name.startsWith('/') || components.contains("..") || components.contains(".")) {
+         kError(5001) << "Name attribute of Metalink::File contains directory traversal directives:" << name;
+         return false;
+     }
diff -Nru kdenetwork-4.5.1/debian/patches/series kdenetwork-4.5.1/debian/patches/series
--- kdenetwork-4.5.1/debian/patches/series	2010-11-17 21:48:51.000000000 +0100
+++ kdenetwork-4.5.1/debian/patches/series	2011-04-11 21:23:15.000000000 +0200
@@ -3,3 +3,4 @@
 kubuntu_03_no_mediastreamer_in_wlm.diff
 kubuntu_04_googletalk_no_errormsg_and_knh_support.patch
 kubuntu_05_fix_icq.diff
+kubuntu_06_kget_metalinker.diff