Debian Bug report logs - #287201
KIOSlave FTP client can be made to send email

version graph

Package: kdelibs; Maintainer for kdelibs is Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>;

Reported by: Ian Gulliver <ian@penguinhosting.net>

Date: Sat, 25 Dec 2004 19:18:01 UTC

Severity: grave

Tags: sarge, security, sid

Merged with 285128

Found in version 3.2.3-2

Fixed in version kdelibs/4:3.3.2-1

Done: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#287201; Package kdelibs. Full text and rfc822 format available.

Acknowledgement sent to Ian Gulliver <ian@penguinhosting.net>:
New Bug report received and forwarded. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Ian Gulliver <ian@penguinhosting.net>
To: submit@bugs.debian.org
Subject: KIOSlave FTP client can be made to send email
Date: Sat, 25 Dec 2004 14:00:01 -0500
[Message part 1 (text/plain, inline)]
Package: kdelibs
Version: 3.2.3-2
Severity: grave

The KIOSlave FTP client is vulnerable to the same exploit as Internet
Explorer:

http://lists.netsys.com/pipermail/full-disclosure/2004-December/030229.html

Anything that can pass an FTP URL to it, i.e. a malicious website viewed
in Konqueror, can cause it to send mail without user interaction.  A
proposed, untested patch is attached.

-- 
Ian Gulliver
Penguin Hosting
"Failure is not an option; it comes bundled with your Microsoft products."
[kdelibs-3.2.3-ftp-fixed.patch (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Tags added: security Request was from Ian Gulliver <ian@penguinhosting.net> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 285128 287201. Request was from Adeodato Simó <asp16@alu.ua.es> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `important'. Request was from Adeodato Simó <asp16@alu.ua.es> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `grave'. Request was from Adeodato Simó <asp16@alu.ua.es> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#287201; Package kdelibs. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. Full text and rfc822 format available.

Message #18 received at 287201@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 287201@bugs.debian.org
Cc: security@debian.org
Subject: [patch] KDE ftp kioslave applies to woody as well
Date: Wed, 5 Jan 2005 19:11:41 +0100
[Message part 1 (text/plain, inline)]
Hi,
this applies to woody as well. Attached you can find the backported upstream
patch against 2.2.2. BTW, this is CAN-2004-1165.

Cheers,
        Moritz
[kdelibs-kioslave-ftp-CAN-2004-1156.patch (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#287201; Package kdelibs. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. Full text and rfc822 format available.

Message #23 received at 287201@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 287201@bugs.debian.org, security@debian.org
Subject: Re: [patch] KDE ftp kioslave applies to woody as well
Date: Thu, 6 Jan 2005 16:49:21 +0100
Moritz Muehlenhoff wrote:
> Hi,
> this applies to woody as well. Attached you can find the backported upstream
> patch against 2.2.2. BTW, this is CAN-2004-1165.
> 
> Cheers,
>         Moritz

> diff -Naur kdelibs-2.2.2.orig/kio/ftp/ftp.cc kdelibs-2.2.2/kio/ftp/ftp.cc
> --- kdelibs-2.2.2.orig/kio/ftp/ftp.cc	Wed Jan  5 12:29:07 2005
> +++ kdelibs-2.2.2/kio/ftp/ftp.cc	Wed Jan  5 12:28:25 2005
> @@ -596,6 +596,14 @@
>  {
>    assert( sControl > 0 );
>  
> +  if ( cmd.find( '\r' ) != -1 || cmd.find( '\n' ) != -1)
> +  {
> +    kdWarning(7102) << "Invalid command received (contains CR or LF): "
> +                    << cmd.data() << endl;
> +    error( ERR_UNSUPPORTED_ACTION, m_host );
> +    return false;
> +  }
> +
>    QCString buf = cmd;
>    buf += "\r\n";

Thanks, that was on my agenda as well.  Working on it now.

Please
 . update the package in sid
 . mention the CVE id from the subject in the changelog
 . tell me the version number of the fixed package
 . use priority=high
 . no need to upload into sarge directly, except the version in
   sid is not meant to go into testing

Regards,

	Joey

-- 
Let's call it an accidental feature.  -- Larry Wall



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#287201; Package kdelibs. Full text and rfc822 format available.

Acknowledgement sent to Adeodato Simó <asp16@alu.ua.es>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. Full text and rfc822 format available.

Message #28 received at 287201@bugs.debian.org (full text, mbox):

From: Adeodato Simó <asp16@alu.ua.es>
To: Martin Schulze <joey@infodrom.org>, 287201@bugs.debian.org
Cc: security@debian.org
Subject: Re: Bug#287201: [patch] KDE ftp kioslave applies to woody as well
Date: Thu, 6 Jan 2005 21:51:59 +0100
* Martin Schulze [Thu, 06 Jan 2005 16:49:21 +0100]:

> Please
>  . update the package in sid
>  . mention the CVE id from the subject in the changelog
>  . tell me the version number of the fixed package
>  . use priority=high
>  . no need to upload into sarge directly, except the version in
>    sid is not meant to go into testing

  I recommend that you don't wait for the unstable package to be
  uploaded, since we need to hold it up until the latest kdebase and
  arts packages are built on all arches (#98 and #88 in the sparc queue,
  #18 and #14 in mipsel, the m68k buildd that picked kdebase is "fast").

  Of course, you may want to mail us just before the stable security
  update happens, in case we're ready to go then. Is there an ETA for it
  already?

  Thanks.

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
    Listening to: Miguel Bosé - Nada particular
 
From the moment I picked your book up until I put it down I was
convulsed with laughter. Some day I intend reading it.
                -- Groucho Marx




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#287201; Package kdelibs. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. Full text and rfc822 format available.

Message #33 received at 287201@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Adeodato Simó <asp16@alu.ua.es>
Cc: 287201@bugs.debian.org, security@debian.org
Subject: Re: Bug#287201: [patch] KDE ftp kioslave applies to woody as well
Date: Fri, 7 Jan 2005 08:59:36 +0100
Adeodato Simó wrote:
> * Martin Schulze [Thu, 06 Jan 2005 16:49:21 +0100]:
> 
> > Please
> >  . update the package in sid
> >  . mention the CVE id from the subject in the changelog
> >  . tell me the version number of the fixed package
> >  . use priority=high
> >  . no need to upload into sarge directly, except the version in
> >    sid is not meant to go into testing
> 
>   I recommend that you don't wait for the unstable package to be
>   uploaded, since we need to hold it up until the latest kdebase and
>   arts packages are built on all arches (#98 and #88 in the sparc queue,
>   #18 and #14 in mipsel, the m68k buildd that picked kdebase is "fast").

I won't wait unless I get a notice.

>   Of course, you may want to mail us just before the stable security
>   update happens, in case we're ready to go then. Is there an ETA for it
>   already?

It depends how fast packages are built on our 11 architectures and
if there are problems.  For example, on i386 I just noticed:

Checking kdelibs3_2.2.2-13.woody.13_i386.deb against stable
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Files in second .deb but not in first
-------------------------------------
/usr/lib/libgmcop.la
/usr/lib/libgmcop.so
/usr/lib/libgmcop.so.0
/usr/lib/libgmcop.so.0.0.0

I have no idea where this library comes from.

Regards,

	Joey

-- 
There are lies, statistics and benchmarks.

Please always Cc to me when replying to me on the lists.



Tags added: pending Request was from Adeodato Simó <asp16@alu.ua.es> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: pending Request was from Adeodato Simó <asp16@alu.ua.es> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#287201; Package kdelibs. Full text and rfc822 format available.

Acknowledgement sent to bob@proulx.com (Bob Proulx):
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. Full text and rfc822 format available.

Message #42 received at 287201@bugs.debian.org (full text, mbox):

From: bob@proulx.com (Bob Proulx)
To: debian-security@lists.debian.org, 287201@bugs.debian.org
Subject: Re: [SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution
Date: Mon, 10 Jan 2005 10:40:48 -0700
[Message part 1 (text/plain, inline)]
> Package        : kdelibs
> Debian Bug     : 287201
> ...
> For the stable distribution (woody) this problem has been fixed in
> version 2.2.2-13.woody.13.

This fails to upgrade for me.  It seems I don't have libarts
installed.  This package introduces four new files and a change and
increase in dependencies to now include new libraries.

This breaks 'upgrade' semantics.  It now requires a 'dist-upgrade'.
This surely was not intentional.

Here is what debdiff says.

  debdiff kdelibs3_2.2.2-13.woody.12_i386.deb kdelibs3_2.2.2-13.woody.13_i386.deb

  Files in second .deb but not in first
  -------------------------------------
  /usr/lib/libgmcop.la
  /usr/lib/libgmcop.so
  /usr/lib/libgmcop.so.0
  /usr/lib/libgmcop.so.0.0.0

  The following lines in the control files differ (wdiff output format):
  ----------------------------------------------------------------------
  Version: [-4:2.2.2-13.woody.12-] {+4:2.2.2-13.woody.13+}
  Depends: {+libarts (>= 4:2.2.2-1) | libarts-alsa (>= 4:2.2.2-1),+} libbz2-1.0, libc6 (>= 2.2.4-4), libfam0, {+libglib2.0-0 (>= 2.0.1),+} libjpeg62, libpcre3, libpng2(>=1.0.12), libqt2 (>= 3:2.3.1-1), libstdc++2.10-glibc2.2 (>= 1:2.95.4-0.010810), libtiff3g, libxml2 (>= 2.4.19-4), libxslt1 (>= 1.0.16), xlibs (>> 4.1.0), zlib1g (>= 1:1.1.4), kdelibs3-bin | kdelibs-bin, xbase-clients
  Installed-Size: [-23972-] {+24032+}

Should a new update with a correction be issued?

Bob

P.S. By the way, note the misspelled "kdlibs" in the subject.
[signature.asc (application/pgp-signature, inline)]

Reply sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Ian Gulliver <ian@penguinhosting.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #47 received at 285128-close@bugs.debian.org (full text, mbox):

From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
To: 285128-close@bugs.debian.org
Subject: Bug#285128: fixed in kdelibs 4:3.3.2-1
Date: Sun, 16 Jan 2005 17:02:24 -0500
Source: kdelibs
Source-Version: 4:3.3.2-1

We believe that the bug you reported is fixed in the latest version of
kdelibs, which is due to be installed in the Debian FTP archive:

kdelibs-bin_3.3.2-1_i386.deb
  to pool/main/k/kdelibs/kdelibs-bin_3.3.2-1_i386.deb
kdelibs-data_3.3.2-1_all.deb
  to pool/main/k/kdelibs/kdelibs-data_3.3.2-1_all.deb
kdelibs4-dev_3.3.2-1_i386.deb
  to pool/main/k/kdelibs/kdelibs4-dev_3.3.2-1_i386.deb
kdelibs4-doc_3.3.2-1_all.deb
  to pool/main/k/kdelibs/kdelibs4-doc_3.3.2-1_all.deb
kdelibs4_3.3.2-1_i386.deb
  to pool/main/k/kdelibs/kdelibs4_3.3.2-1_i386.deb
kdelibs_3.3.2-1.diff.gz
  to pool/main/k/kdelibs/kdelibs_3.3.2-1.diff.gz
kdelibs_3.3.2-1.dsc
  to pool/main/k/kdelibs/kdelibs_3.3.2-1.dsc
kdelibs_3.3.2-1_all.deb
  to pool/main/k/kdelibs/kdelibs_3.3.2-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 285128@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdelibs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 16 Jan 2005 20:48:01 +0100
Source: kdelibs
Binary: kdelibs4 kdelibs-bin kdelibs kdelibs4-doc kdelibs-data kdelibs4-dev
Architecture: source i386 all
Version: 4:3.3.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Description: 
 kdelibs    - KDE core libraries metapackage
 kdelibs-bin - KDE core binaries
 kdelibs-data - KDE core shared data
 kdelibs4   - KDE core libraries
 kdelibs4-dev - KDE core libraries (development files)
 kdelibs4-doc - KDE core library documentation
Closes: 263430 285128 286521 287097 287201 287566 288653 289164 290190 290191
Changes: 
 kdelibs (4:3.3.2-1) unstable; urgency=medium
 .
   +++ Changes by Adeodato Simó:
 .
   * Uploading to unstable. This new upstream version fixes CAN-2004-1145,
     "Konqueror Java Vulnerability", and thus closes: #286521. Urgency set
     to medium for this reason (the package has been in experimental for some
     time, and has been checked to work properly with the rest of 3.3.1
     packages).
 .
   * debian/control:
     - make kdelibs-data replace kjscmd (<< 4:3.3.0), which was missed in the
       3.3.1-1 upload and completely forgotten since then. (Closes: #288653)
 .
   * debian/kdelibs-data.install: the files added in the previous upload were
     checked not to exist in oo.o-mimelnk in sid, but sadly they exist in the
     version in sarge. Reverted them for now, will be re-added when OpenOffice
     1.1.3 enters sarge (with the proper Conflicts: entry). (Closes: #287097)
 .
     List of files:
       - usr/share/mimelnk/application/vnd.sun.xml.calc.template.desktop
       - usr/share/mimelnk/application/vnd.sun.xml.draw.template.desktop
       - usr/share/mimelnk/application/vnd.sun.xml.impress.template.desktop
       - usr/share/mimelnk/application/vnd.sun.xml.writer.template.desktop
 .
   +++ Changes by Christopher Martin:
 .
   * KDE_3_3_BRANCH update. Pulls in the fix for CAN-2004-1165, the FTP command
     injection bug. (Closes: #285128, #287201)
 .
   * Add patch to change the group set by KDE CUPS configurator to Debian's
     default, lpadmin, rather than sys. (Closes: #263430)
 .
   * Add kaccel hack that works around a Konqueror crash with Russian keyboards.
     (Closes: #287566)
 .
   * Change debian/copyright file to refer to licenses, instead of copyright,
     when discussing KDE's licenses. (Closes: #290191, #290190)
 .
   * Change dependency on perl-suid to perl, and add Recommends: perl-suid.
     The lack of perl-suid should only cause problems for some users using
     NFS or SMB shares. (Closes: #289164)
Files: 
 5a5b291bbb6afb99219a8eb20d367587 1302 libs optional kdelibs_3.3.2-1.dsc
 77e5cafe54180b108026cf769f0881d4 249693 libs optional kdelibs_3.3.2-1.diff.gz
 3e52b23a11b1f2525227b7b92557c528 853130 libs optional kdelibs-bin_3.3.2-1_i386.deb
 57a32d66d0b83303f5c2df8ad4282045 8185634 libs optional kdelibs4_3.3.2-1_i386.deb
 e16a623a61e3e782d6156c862b6f9ca5 1230822 libdevel optional kdelibs4-dev_3.3.2-1_i386.deb
 7254ee7da031de021e093ee53e909f97 18232 kde optional kdelibs_3.3.2-1_all.deb
 05de696544e6470efe771d1a9e09f342 7082858 libs optional kdelibs-data_3.3.2-1_all.deb
 87121b89ce0b5c7e1aa7bc386498f735 11530760 doc optional kdelibs4-doc_3.3.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Signed by Isaac Clerencia <isaac@warp.es>

iD8DBQFB6uEzQET2GFTmct4RAsBzAJ9vxU5BEvEIF/9roHrIGcq7C107LgCfZv02
73cZKZqziTtyQgYhlWRhZT0=
=Pz0s
-----END PGP SIGNATURE-----




Message #48 received at 287201-close@bugs.debian.org (full text, mbox):

From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
To: 287201-close@bugs.debian.org
Subject: Bug#287201: fixed in kdelibs 4:3.3.2-1
Date: Sun, 16 Jan 2005 17:02:25 -0500
Source: kdelibs
Source-Version: 4:3.3.2-1

We believe that the bug you reported is fixed in the latest version of
kdelibs, which is due to be installed in the Debian FTP archive:

kdelibs-bin_3.3.2-1_i386.deb
  to pool/main/k/kdelibs/kdelibs-bin_3.3.2-1_i386.deb
kdelibs-data_3.3.2-1_all.deb
  to pool/main/k/kdelibs/kdelibs-data_3.3.2-1_all.deb
kdelibs4-dev_3.3.2-1_i386.deb
  to pool/main/k/kdelibs/kdelibs4-dev_3.3.2-1_i386.deb
kdelibs4-doc_3.3.2-1_all.deb
  to pool/main/k/kdelibs/kdelibs4-doc_3.3.2-1_all.deb
kdelibs4_3.3.2-1_i386.deb
  to pool/main/k/kdelibs/kdelibs4_3.3.2-1_i386.deb
kdelibs_3.3.2-1.diff.gz
  to pool/main/k/kdelibs/kdelibs_3.3.2-1.diff.gz
kdelibs_3.3.2-1.dsc
  to pool/main/k/kdelibs/kdelibs_3.3.2-1.dsc
kdelibs_3.3.2-1_all.deb
  to pool/main/k/kdelibs/kdelibs_3.3.2-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 287201@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdelibs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 16 Jan 2005 20:48:01 +0100
Source: kdelibs
Binary: kdelibs4 kdelibs-bin kdelibs kdelibs4-doc kdelibs-data kdelibs4-dev
Architecture: source i386 all
Version: 4:3.3.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Description: 
 kdelibs    - KDE core libraries metapackage
 kdelibs-bin - KDE core binaries
 kdelibs-data - KDE core shared data
 kdelibs4   - KDE core libraries
 kdelibs4-dev - KDE core libraries (development files)
 kdelibs4-doc - KDE core library documentation
Closes: 263430 285128 286521 287097 287201 287566 288653 289164 290190 290191
Changes: 
 kdelibs (4:3.3.2-1) unstable; urgency=medium
 .
   +++ Changes by Adeodato Simó:
 .
   * Uploading to unstable. This new upstream version fixes CAN-2004-1145,
     "Konqueror Java Vulnerability", and thus closes: #286521. Urgency set
     to medium for this reason (the package has been in experimental for some
     time, and has been checked to work properly with the rest of 3.3.1
     packages).
 .
   * debian/control:
     - make kdelibs-data replace kjscmd (<< 4:3.3.0), which was missed in the
       3.3.1-1 upload and completely forgotten since then. (Closes: #288653)
 .
   * debian/kdelibs-data.install: the files added in the previous upload were
     checked not to exist in oo.o-mimelnk in sid, but sadly they exist in the
     version in sarge. Reverted them for now, will be re-added when OpenOffice
     1.1.3 enters sarge (with the proper Conflicts: entry). (Closes: #287097)
 .
     List of files:
       - usr/share/mimelnk/application/vnd.sun.xml.calc.template.desktop
       - usr/share/mimelnk/application/vnd.sun.xml.draw.template.desktop
       - usr/share/mimelnk/application/vnd.sun.xml.impress.template.desktop
       - usr/share/mimelnk/application/vnd.sun.xml.writer.template.desktop
 .
   +++ Changes by Christopher Martin:
 .
   * KDE_3_3_BRANCH update. Pulls in the fix for CAN-2004-1165, the FTP command
     injection bug. (Closes: #285128, #287201)
 .
   * Add patch to change the group set by KDE CUPS configurator to Debian's
     default, lpadmin, rather than sys. (Closes: #263430)
 .
   * Add kaccel hack that works around a Konqueror crash with Russian keyboards.
     (Closes: #287566)
 .
   * Change debian/copyright file to refer to licenses, instead of copyright,
     when discussing KDE's licenses. (Closes: #290191, #290190)
 .
   * Change dependency on perl-suid to perl, and add Recommends: perl-suid.
     The lack of perl-suid should only cause problems for some users using
     NFS or SMB shares. (Closes: #289164)
Files: 
 5a5b291bbb6afb99219a8eb20d367587 1302 libs optional kdelibs_3.3.2-1.dsc
 77e5cafe54180b108026cf769f0881d4 249693 libs optional kdelibs_3.3.2-1.diff.gz
 3e52b23a11b1f2525227b7b92557c528 853130 libs optional kdelibs-bin_3.3.2-1_i386.deb
 57a32d66d0b83303f5c2df8ad4282045 8185634 libs optional kdelibs4_3.3.2-1_i386.deb
 e16a623a61e3e782d6156c862b6f9ca5 1230822 libdevel optional kdelibs4-dev_3.3.2-1_i386.deb
 7254ee7da031de021e093ee53e909f97 18232 kde optional kdelibs_3.3.2-1_all.deb
 05de696544e6470efe771d1a9e09f342 7082858 libs optional kdelibs-data_3.3.2-1_all.deb
 87121b89ce0b5c7e1aa7bc386498f735 11530760 doc optional kdelibs4-doc_3.3.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Signed by Isaac Clerencia <isaac@warp.es>

iD8DBQFB6uEzQET2GFTmct4RAsBzAJ9vxU5BEvEIF/9roHrIGcq7C107LgCfZv02
73cZKZqziTtyQgYhlWRhZT0=
=Pz0s
-----END PGP SIGNATURE-----




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 04:55:30 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.