gpgv: Signature made miƩ 28 may 2014 15:25:12 CEST using DSA key ID DD4D5088 gpgv: Can't check signature: public key not found dpkg-source: warning: failed to verify signature on /home/shadeslayer/src/kubuntu/usn/saucy/kde4libs_4.11.5-0ubuntu0.2.dsc gpgv: Signature made jue 19 jun 2014 15:32:12 CEST using RSA key ID F2672094 gpgv: Can't check signature: public key not found dpkg-source: warning: failed to verify signature on /home/shadeslayer/src/kubuntu/usn/saucy/kde4libs_4.11.5-0ubuntu0.3.dsc diff -Nru kde4libs-4.11.5/debian/changelog kde4libs-4.11.5/debian/changelog --- kde4libs-4.11.5/debian/changelog 2014-05-28 15:10:13.000000000 +0200 +++ kde4libs-4.11.5/debian/changelog 2014-06-19 15:11:56.000000000 +0200 @@ -1,3 +1,10 @@ +kde4libs (4:4.11.5-0ubuntu0.3) saucy-security; urgency=medium + + * SECURITY UPDATE: Fix KMail/KIO SSL flaw + - CVE-2014-3494 (LP: #1332064) + + -- Rohan Garg Thu, 19 Jun 2014 15:10:34 +0200 + kde4libs (4:4.11.5-0ubuntu0.2) saucy; urgency=medium * Add kubuntu_meinproc-libxml-fix.diff to fix documentation diff -Nru kde4libs-4.11.5/debian/patches/CVE-2014-3494.patch kde4libs-4.11.5/debian/patches/CVE-2014-3494.patch --- kde4libs-4.11.5/debian/patches/CVE-2014-3494.patch 1970-01-01 01:00:00.000000000 +0100 +++ kde4libs-4.11.5/debian/patches/CVE-2014-3494.patch 2014-06-19 15:10:25.000000000 +0200 @@ -0,0 +1,55 @@ +From: David Faure +Date: Wed, 18 Jun 2014 18:29:04 +0000 +Subject: Don't require a job to handle messageboxes. +X-Git-Url: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d +--- +Don't require a job to handle messageboxes. + +The POP3 ioslave doesn't have a job when it gets here. +--- + + +--- a/kio/kio/usernotificationhandler.cpp ++++ b/kio/kio/usernotificationhandler.cpp +@@ -19,7 +19,7 @@ + #include "usernotificationhandler_p.h" + + #include "slave.h" +-#include "job_p.h" ++#include "jobuidelegate.h" + + #include + +@@ -76,19 +76,18 @@ + + if (m_cachedResults.contains(key)) { + result = *(m_cachedResults[key]); +- } else if (r->slave->job()) { +- SimpleJobPrivate* jobPrivate = SimpleJobPrivate::get(r->slave->job()); +- if (jobPrivate) { +- result = jobPrivate->requestMessageBox(r->type, +- r->data.value(MSG_TEXT).toString(), +- r->data.value(MSG_CAPTION).toString(), +- r->data.value(MSG_YES_BUTTON_TEXT).toString(), +- r->data.value(MSG_NO_BUTTON_TEXT).toString(), +- r->data.value(MSG_YES_BUTTON_ICON).toString(), +- r->data.value(MSG_NO_BUTTON_ICON).toString(), +- r->data.value(MSG_DONT_ASK_AGAIN).toString(), +- r->data.value(MSG_META_DATA).toMap()); +- } ++ } else { ++ JobUiDelegate ui; ++ const JobUiDelegate::MessageBoxType type = static_cast(r->type); ++ result = ui.requestMessageBox(type, ++ r->data.value(MSG_TEXT).toString(), ++ r->data.value(MSG_CAPTION).toString(), ++ r->data.value(MSG_YES_BUTTON_TEXT).toString(), ++ r->data.value(MSG_NO_BUTTON_TEXT).toString(), ++ r->data.value(MSG_YES_BUTTON_ICON).toString(), ++ r->data.value(MSG_NO_BUTTON_ICON).toString(), ++ r->data.value(MSG_DONT_ASK_AGAIN).toString(), ++ r->data.value(MSG_META_DATA).toMap()); + m_cachedResults.insert(key, new int(result)); + } + } else { + diff -Nru kde4libs-4.11.5/debian/patches/series kde4libs-4.11.5/debian/patches/series --- kde4libs-4.11.5/debian/patches/series 2014-05-28 15:19:13.000000000 +0200 +++ kde4libs-4.11.5/debian/patches/series 2014-06-19 15:10:29.000000000 +0200 @@ -27,3 +27,4 @@ kubuntu_revert_findpythonlibrary.diff kubuntu_no_KDE4_BUILD_TESTS.diff kubuntu_meinproc-libxml-fix.diff +CVE-2014-3494.patch