Your message dated Sat, 18 Nov 2017 22:19:01 +0000
with message-id <e1egbs1-0005ui...@fasolo.debian.org>
and subject line Bug#881586: fixed in konversation 1.5-2+deb8u1
has caused the Debian Bug report #881586,
regarding Konversation CVE-2017-15923
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881586
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: konversation
Tag: security

On Sun, 2017-11-12 at 17:01 -0500, Joseph Bisch wrote:
> Hi,
> 
> See the November 11th security advisory for Konversation at:
> 
> https://konversation.kde.org/
> 
> Reproducer:
> 
> echo $'privmsg \x16\x033\x8e3\x2eqt/\x03e\xe2\x16\n' | nc -l -p 6667
> 
> and then connect to that with Konversation.
> 
> May require ASan or other method of detecting the use after free.

Thanks for the report, I'm adding Pino in the loop but since it's a public
vulnerability you can directly report it to the BTS.

Pino, can you prepare an update for sid, stretch and jessie (with isolated
patches for stable releases)?

Regards,
-- 
Yves-Alexis

--- End Message ---
--- Begin Message ---
Source: konversation
Source-Version: 1.5-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
konversation, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated konversation package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 13 Nov 2017 16:41:12 +0100
Source: konversation
Binary: konversation konversation-data konversation-dbg
Architecture: all source
Version: 1.5-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 881586
Description: 
 konversation - user friendly Internet Relay Chat (IRC) client for KDE
 konversation-data - data files for Konversation
 konversation-dbg - debugging symbols for Konversation
Changes:
 konversation (1.5-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-15923: Crash in parsing IRC color formatting codes
     (Closes: #881586)


--- End Message ---