Bug 175230 - kde-base/{kdebase|nsplugins} critical bug in flash 9.x
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: https://rhn.redhat.com/errata/RHSA-20...
Whiteboard: A4? [noglsa] jaervosz
Reported: 2007-04-19 15:16 UTC by Carsten Lohrke (RETIRED)
Modified: 2020-03-28 22:36 UTC
Description Carsten Lohrke (RETIRED) gentoo-dev 2007-04-19 15:16:21 UTC
Quoting Dirk Müller from the KDE packager list:

>There is a critical issue in flash player 9.x that is currently (for the last 
>3 months already) embargoed awaiting a bugfix update. According to Adobe they 
>currently plan to do that on July 10th. Only Opera and Konqueror are affected.

Patch for KDE is available as well.
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2007-04-19 16:26:31 UTC
The following ebuilds should go stable:

nsplugins-3.5.5-r2
kdebase-3.5.5-r4

kde.org will release an announcement on the 10th of July as well. Don't know if Opera has anything in the pipeline to work around the flash player vulnerability, but if not the flash package should probably be hard masked given that it is roundabout six weeks to an update.
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2007-04-25 17:01:02 UTC
Opera apparently dealt with it with the 9.20 release. Security, patches are in cvs, how about cc'ing the arch security liaisons?
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-30 09:18:56 UTC
Carlo, sorry for the delay, I've been away on vacation for the last 10 days.

Arch security liaisons please test and mark stable.

Target keywords are:
nsplugins-3.5.5-r2.ebuild:KEYWORDS="alpha amd64 ia64 ppc ppc64 sparc x86 ~x86-fbsd"
kdebase-3.5.5-r4.ebuild:KEYWORDS="alpha amd64 hppa ia64 mips ppc ppc64 sparc x86"
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2007-05-01 17:36:55 UTC
ppc64 stable
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2007-05-02 13:52:05 UTC
sparc stable.
Comment 6 Carsten Lohrke (RETIRED) gentoo-dev 2007-05-06 12:16:11 UTC
x86 stable 
Comment 7 Carsten Lohrke (RETIRED) gentoo-dev 2007-05-09 18:18:16 UTC
cc'ing kugelfang for amd64
Comment 8 Steve Dibb (RETIRED) gentoo-dev 2007-05-11 18:49:49 UTC
amd64 stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2007-05-25 00:34:51 UTC
kde-base/kdebase-3.5.5-r4: hppa stable. That leaves just ia64 and ppc wrt kdebase.

Sorry for the delay btw - I had other bugs to work through.
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-03 15:27:07 UTC
CC'ing ferdy for alpha.
Comment 11 Fernando J. Pereda (RETIRED) gentoo-dev 2007-06-04 20:17:15 UTC
armin76 will do alpha
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2007-06-04 21:26:50 UTC
alpha stable

I'll try to do ia64 too, but will take some time first since I need to test both nsplugins and kdebase.
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2007-06-05 10:59:18 UTC
ia64 stable :)
Comment 14 Tobias Scherbaum (RETIRED) gentoo-dev 2007-06-05 16:22:01 UTC
ppc stable
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-06 19:56:50 UTC
I'm not sure what the "critical issue" is, but I guess it would at least get a severity rating of 3, making a GLSA needed.
Comment 16 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-14 18:40:11 UTC
This seems public already at above URL but nothing on the kde site.
Comment 17 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-16 06:53:38 UTC
kde/security please advise.
Comment 18 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-25 08:59:25 UTC
It appears that KDE will not issue an advisory about this. I think we should move this one to noglsa status and open it to the public once we reach the disclosure date and then close it.

Comments?
Comment 19 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-01 02:16:09 UTC
Setting status to noglsa and keeping the bug open until the disclosure date. Feel free to change status if you disagree.
Comment 20 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-08-06 08:18:01 UTC
this is public now, sorry for the delay. 
cc'ing mips so they can stable kdebase-3.5.5-r4, and closing.