Fixes for all supported (affected) releases (Trusty-Artful) of Kubuntu are in ppa:tsimonq2/security-builds and fixes for the packages in Backports are in ppa:kubuntu-ppa/backports-landing. If you use Konversation, please test these packages to make sure they work, and report back by either pinging me on IRC (tsimonq2 in #kubuntu-devel on freenode) or replying to this email.
If nobody reports back for any specific release, on Tuesday afternoon (USA time), I'll test the updates myself (and push them and see if the security team can push the ones from my PPA into the archive), but I would prefer if people who already have experience with Konversation would test these packages.

Thanks!

-------- Forwarded Message --------
Subject: KDE Project Security Advisory: Konversation: Crash in IRC message parsing
Date: Sun, 12 Nov 2017 12:18:05 +0100
From: Albert Astals Cid <[email protected]>
To: [email protected]

KDE Project Security Advisory
=============================

Title: Konversation: Crash in IRC message parsing
Risk Rating: High
CVE: CVE-2017-15923
Versions: konversation <= 1.7.2
Date: 12 November 2017

Overview
========
Konversation has support for colors in IRC messages. Any malicious user connected to the same IRC network can send a carefully crafted message that will crash the Konversation user client.

Workaround
==========
Go to Interface → Colors in the Configure Konversation dialog and uncheck Allow Colored Text in IRC Messages (near the bottom)

Solution
========
Update to Konversation > 1.7.2

Or apply the following patches:
1.7: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=34cc9556c1a089fac6b674d3bd6f2248e9512902
1.6: https://cgit.kde.org/konversation.git/commit/?h=1.6&id=cebf8d7658b0e3afb0292c273704ec4d2ea4019f
1.5: https://cgit.kde.org/konversation.git/commit/?h=1.5&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
1.4: the patch for 1.5 will apply, but you should upgrade

Credits
=======
Thanks to Joseph Bisch for the report and to Eli MacKenzie for the fix.
