Package: konversation Tag: security On Sun, 2017-11-12 at 17:01 -0500, Joseph Bisch wrote: > Hi, > > See the November 11th security advisory for Konversation at: > > https://konversation.kde.org/ > > Reproducer: > > echo $'privmsg \x16\x033\x8e3\x2eqt/\x03e\xe2\x16\n' | nc -l -p 6667 > > and then connect to that with Konversation. > > May require ASan or other method of detecting the use after free.
Thanks for the report, I'm adding Pino in the loop but since it's a public vulnerability you can directly report it to the BTS. Pino, can you prepare an update for sid, stretch and jessie (with isolated patches for stable releases)? Regards, -- Yves-Alexis
Description: This is a digitally signed message part