febbraio 24, 2014

5 aggiornamenti di sicurezza importanti per Ubuntu 13.10 “Saucy Salamander”, in particolare per KDE: librerie, framework, KTextEditor e KMediaPlayer.

| No comment

Sappiamo tutti quanto sia importante mantenere aggiornato il proprio sistema operativo, ma è parimenti esperienza comune che spesso siano proprio gli aggiornamenti a introdurre nuovi bug.

Ubuntu segue delle linee guida ben precise per gestire questa situazione.

La chiave di volta dell’intero discorso è che, una volta rilasciata la release, gli aggiornamenti non si fanno affatto, a meno che non riguardino vulnerabilità di sicurezza o bug particolarmente significativi.

Addirittura, nell’ottica di stabilizzare la release, già durante le ultime fasi di sviluppo l’ingresso di nuovi pacchetti dei vari software è sottoposto ad un controllo particolarmente rigido (una fase nota agli sviluppatori come “Feature Freeze”, appunto).

Gli aggiornamenti proposti a continuazione fanno parte del bollettino di sicurezza settimanale rilasciato da Canonical e riguardano in particolare aggiornamenti importanti sulla sicurezza riguardanti la neonata Ubuntu 13.10 Saucy Salamander (in particolare KDE).

Ubuntu 13.10 con Unity 7.1

1.- KDE platform code library.

All KDE Applications use this library to provide basic functionality such as the configuration system, IPC, internationalization and locale support, site-independent access to the filesystem and a large number of other (but no less important) things. The classes in this library does not require linkage to QtGui or any other library that requires a graphical interface.
This package is part of the KDE Development Platform libraries module.

Modifiche per le versioni:
Versione installata: 4:4.9.5-0ubuntu0.1~ubuntu12.10~ppa3
Versione disponibile: 4:4.9.5-0ubuntu0.2

Versione 4:4.9.5-0ubuntu0.2:

  * SECURITY UPDATE: information disclosure via error notifications
    - debian/patches/kubuntu_use_pretty_url.diff: update
      kioslave/http/http.cpp to use prettyUrl()
    - CVE-2013-2074
    - LP: #1178286


Versione 4:4.9.5-0ubuntu0.1:

  * New upstream bugfix release (LP: #1094523)
    - refresh make_libkdeinit4_private.diff
    - drop 0002-Fix-crash-when-no-service-was-selected-user-clicked-.patch
      and 0001-Revert-Also-check-parent-mimetypes-in-protocolForArc.patch,
      applied upstream

2.- Framework for the KDE platform graphical components

This library implements the framework for reusable KDE components (kparts), which are elaborate widgets with a user-interface defined in terms of actions (menu items, toolbar icons).
This package is part of the KDE Development Platform libraries module.

Modifiche per le versioni:
Versione installata: 4:4.9.5-0ubuntu0.1~ubuntu12.10~ppa3
Versione disponibile: 4:4.9.5-0ubuntu0.2

Versione 4:4.9.5-0ubuntu0.2:

  * SECURITY UPDATE: information disclosure via error notifications
    - debian/patches/kubuntu_use_pretty_url.diff: update
      kioslave/http/http.cpp to use prettyUrl()
    - CVE-2013-2074
    - LP: #1178286


Versione 4:4.9.5-0ubuntu0.1:

  * New upstream bugfix release (LP: #1094523)
    - refresh make_libkdeinit4_private.diff
    - drop 0002-Fix-crash-when-no-service-was-selected-user-clicked-.patch
      and 0001-Revert-Also-check-parent-mimetypes-in-protocolForArc.patch,
      applied upstream


Versione 4:4.9.4-0ubuntu0.2:

  * Refresh symbol files for all architectures


Versione 4:4.9.4-0ubuntu0.1:

  [ Philip MuÅ¡kovac ]
  * New upstream bugfix release (LP: #1085516)
    - drop python3-support-bytecode.patch as upstream has support for
      that now
  * Add upstream commit 0820b3173aff4f0f3c803a9e75e726024da38ee5 as
    0002-Fix-crash-when-no-service-was-selected-user-clicked-.patch
    to fix crash when no service was selected (user clicked on "Open With...")

  [ Scott Kitterman ]
  * Add 0001-Revert-Also-check-parent-mimetypes-in-protocolForArc.patch as
    recommended by upstream to revert bad commit inadvertently included in the
    release

3.- KTextEditor interfaces for the KDE platform

This package provides the KTextEditor interfaces (also called KTE interfaces) that are a set of well-defined interfaces which an application or library can implement to provide advanced plain text editing services. Applications which utilise this interface can thus allow the user to choose which implementation of the editor component to use. The only implementation right now is the Kate Editor Component (Kate Part).
This package is part of the KDE Development Platform libraries module.

Modifiche per le versioni:
Versione installata: 4:4.9.5-0ubuntu0.1~ubuntu12.10~ppa3
Versione disponibile: 4:4.9.5-0ubuntu0.2

Versione 4:4.9.5-0ubuntu0.2:

  * SECURITY UPDATE: information disclosure via error notifications
    - debian/patches/kubuntu_use_pretty_url.diff: update
      kioslave/http/http.cpp to use prettyUrl()
    - CVE-2013-2074
    - LP: #1178286


Versione 4:4.9.5-0ubuntu0.1:

  * New upstream bugfix release (LP: #1094523)
    - refresh make_libkdeinit4_private.diff
    - drop 0002-Fix-crash-when-no-service-was-selected-user-clicked-.patch
      and 0001-Revert-Also-check-parent-mimetypes-in-protocolForArc.patch,
      applied upstream


Versione 4:4.9.4-0ubuntu0.2:

  * Refresh symbol files for all architectures

4.- Pseudo terminal library for the KDE platform

This library provides primitives to interface with pseudo terminal devices as well as a KProcess derived class for running child processes and communicating with them using a pty.
This package is part of the KDE Development Platform libraries module.

Modifiche per le versioni:
Versione installata: 4:4.9.5-0ubuntu0.1~ubuntu12.10~ppa3
Versione disponibile: 4:4.9.5-0ubuntu0.2

Versione 4:4.9.5-0ubuntu0.2:

  * SECURITY UPDATE: information disclosure via error notifications
    - debian/patches/kubuntu_use_pretty_url.diff: update
      kioslave/http/http.cpp to use prettyUrl()
    - CVE-2013-2074
    - LP: #1178286


Versione 4:4.9.5-0ubuntu0.1:

  * New upstream bugfix release (LP: #1094523)
    - refresh make_libkdeinit4_private.diff
    - drop 0002-Fix-crash-when-no-service-was-selected-user-clicked-.patch
      and 0001-Revert-Also-check-parent-mimetypes-in-protocolForArc.patch,
      applied upstream


Versione 4:4.9.4-0ubuntu0.2:

  * Refresh symbol files for all architectures

5.- KMediaPlayer interface for the KDE platform.


The KNewStuff3 ("Get Hot New Stuff" v3) library adds data sharing capabilities to the KDE Applications. It uses libattica to access Open Collaboration Services providers. In addition the static XML from GHNS is supported.
This package is part of the KDE Development Platform libraries module.


Modifiche per le versioni:
Versione installata: 4:4.9.5-0ubuntu0.1~ubuntu12.10~ppa3
Versione disponibile: 4:4.9.5-0ubuntu0.2

Versione 4:4.9.5-0ubuntu0.2:

  * SECURITY UPDATE: information disclosure via error notifications
    - debian/patches/kubuntu_use_pretty_url.diff: update
      kioslave/http/http.cpp to use prettyUrl()
    - CVE-2013-2074
    - LP: #1178286


Versione 4:4.9.5-0ubuntu0.1:

  * New upstream bugfix release (LP: #1094523)
    - refresh make_libkdeinit4_private.diff
    - drop 0002-Fix-crash-when-no-service-was-selected-user-clicked-.patch
      and 0001-Revert-Also-check-parent-mimetypes-in-protocolForArc.patch,
      applied upstream


Versione 4:4.9.4-0ubuntu0.2:

  * Refresh symbol files for all architectures


Versione 4:4.9.4-0ubuntu0.1:

  [ Philip MuÅ¡kovac ]
  * New upstream bugfix release (LP: #1085516)
    - drop python3-support-bytecode.patch as upstream has support for
      that now
  * Add upstream commit 0820b3173aff4f0f3c803a9e75e726024da38ee5 as
    0002-Fix-crash-when-no-service-was-selected-user-clicked-.patch
    to fix crash when no service was selected (user clicked on "Open With...")

Se ti è piaciuto l'articolo , iscriviti al feed cliccando sull'immagine sottostante per tenerti sempre aggiornato sui nuovi contenuti del blog:

Trovato questo articolo interessante? Condividilo sulla tua rete di contatti Twitter, sulla tua bacheca su Facebook o semplicemente premi "+1" per suggerire questo risultato nelle ricerche in Google, Linkedin, Instagram o Pinterest. Diffondere contenuti che trovi rilevanti aiuta questo blog a crescere. Grazie! CONDIVIDI SU!

stampa la pagina
, , ,

Nessun commento:

Posta un commento

Non inserire link cliccabili altrimenti il commento verrà eliminato. Metti la spunta a Inviami notifiche per essere avvertito via email di nuovi commenti.

Ultimi post pubblicati

Archivio

Etichette

Ubuntulandia in Pinterest

Post Più Popolari