Thanks for the debdiffs! They are mostly fine, but I have a couple of comments:
* they only mention one of the commits in the patch headers. The code itself
  has both 898135a59d91184692ed1bcee8bb4c6d80d6f7b9 and
  65d736dab592bced4410ccfa4699de89f78c96ca, but the patch headers only list
  65d736dab592bced4410ccfa4699de89f78c96ca.
* the precise debdiff needed to have the patch refreshed
* the raring debdiff does not properly apply because there is no trailing
  newline
* while not required, typically the patch will include the CVE number. I.e.,
  instead of kubuntu_use_pretty_url.diff you might use CVE-2013-2074.diff
* the changelog does not use the format as described in
  https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging

E.g., a properly formatted changelog entry for -security might be:

    kde4libs (4:4.9.5-0ubuntu0.2) quantal-security; urgency=low

      * SECURITY UPDATE: information disclosure via error notifications
        - debian/patches/kubuntu_use_pretty_url.diff: update
          kioslave/http/http.cpp to use prettyUrl()
        - CVE-2013-2074
        - LP: #1178286

I've gone ahead and fixed these issues and uploaded. Thanks again!
--
https://bugs.launchpad.net/bugs/1178286
Title:
Security advisory from KDE upstream