Hi

On Mon, Nov 13, 2017 at 10:17:37AM +0100, Yves-Alexis Perez wrote:
> Package: konversation
> Tag: security
>
> On Sun, 2017-11-12 at 17:01 -0500, Joseph Bisch wrote:
> > Hi,
> >
> > See the November 11th security advisory for Konversation at:
> >
> > https://konversation.kde.org/
> >
> > Reproducer:
> >
> > echo $'privmsg \x16\x033\x8e3\x2eqt/\x03e\xe2\x16\n' | nc -l -p 6667
> >
> > and then connect to that with Konversation.
> >
> > May require ASan or other method of detecting the use after free.
>
> Thanks for the report, I'm adding Pino in the loop but since it's a public
> vulnerability you can directly report it to the BTS.
>
> Pino, can you prepare an update for sid, stretch and jessie (with isolated
> patches for stable releases)?

I have prepared both jessie- and stretch-security uploads, though at the
moment only stretch-security has been tested. Will come to the jessie one
later today.

Regards,
Salvatore