On Mon, Nov 13, 2017 at 10:17:37AM +0100, Yves-Alexis Perez wrote:
> Package: konversation
> Tag: security
> On Sun, 2017-11-12 at 17:01 -0500, Joseph Bisch wrote:
> > Hi,
> > See the November 11th security advisory for Konversation at:
> > https://konversation.kde.org/
> > Reproducer:
> > echo $'privmsg \x16\x033\x8e3\x2eqt/\x03e\xe2\x16\n' | nc -l -p 6667
> > and then connect to that with Konversation.
> > May require ASan or other method of detecting the use after free.
> Thanks for the report, I'm adding Pino in the loop but since it's a public
> vulnerability you can directly report it to the BTS.
> Pino, can you prepare an update for sid, stretch and jessie (with isolated
> patches for stable releases)?
I have prepared both jessie- and stretch-security uploads, though at
the moment only stretch-security has been tested. Will come to the
jessie one later today.
pkg-kde-extras mailing list