Hi

On Mon, Nov 13, 2017 at 10:17:37AM +0100, Yves-Alexis Perez wrote:
> Package: konversation
> Tag: security
> 
> On Sun, 2017-11-12 at 17:01 -0500, Joseph Bisch wrote:
> > Hi,
> > 
> > See the November 11th security advisory for Konversation at:
> > 
> > https://konversation.kde.org/
> > 
> > Reproducer:
> > 
> > echo $'privmsg \x16\x033\x8e3\x2eqt/\x03e\xe2\x16\n' | nc -l -p 6667
> > 
> > and then connect to that with Konversation.
> > 
> > May require ASan or other method of detecting the use after free.
> 
> Thanks for the report, I'm adding Pino in the loop but since it's a public
> vulnerability you can directly report it to the BTS.
> 
> Pino, can you prepare an update for sid, stretch and jessie (with isolated
> patches for stable releases)?

I have prepared both jessie- and stretch-security uploads, though at
the moment only stretch-security has been tested. Will come to the
jessie one later today.

Regards,
Salvatore

_______________________________________________
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

Reply via email to