Your message dated Sat, 18 Nov 2017 21:04:15 +0000
with message-id <e1egahf-000dwc...@fasolo.debian.org>
and subject line Bug#881586: fixed in konversation 1.6.2-2+deb9u1
has caused the Debian Bug report #881586,
regarding Konversation CVE-2017-15923
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
881586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881586
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: konversation
Tag: security

On Sun, 2017-11-12 at 17:01 -0500, Joseph Bisch wrote:
> Hi,
>
> See the November 11th security advisory for Konversation at:
>
> https://konversation.kde.org/
>
> Reproducer:
>
> echo $'privmsg \x16\x033\x8e3\x2eqt/\x03e\xe2\x16\n' | nc -l -p 6667
>
> and then connect to that with Konversation.
>
> May require ASan or other method of detecting the use after free.

Thanks for the report, I'm adding Pino in the loop but since it's a
public vulnerability you can directly report it to the BTS.

Pino, can you prepare an update for sid, stretch and jessie (with
isolated patches for stable releases)?

Regards,
--
Yves-Alexis
--- End Message ---
--- Begin Message ---
Source: konversation
Source-Version: 1.6.2-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
konversation, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated konversation package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Mon, 13 Nov 2017 16:06:25 +0100
Source: konversation
Binary: konversation konversation-data
Architecture: source
Version: 1.6.2-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 881586
Description:
 konversation - user friendly Internet Relay Chat (IRC) client for KDE
 konversation-data - data files for Konversation
Changes:
 konversation (1.6.2-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-15923: Crash in parsing IRC color formatting codes
     (Closes: #881586)
--- End Message ---