> I tried to backport the CVE-2016-7966 fix commit to kf 5.26 and it didn't
> apply cleanly, it would be nice if the advisory includes the list of the
> commits to backport, or maybe a new 5.26.1 kcoreaddons bugfix release.

Yes another patch is missing there - I already informed them and hopefully 
they will update the infos. I also asked if they will ship a updated 5.26 

> About: https://www.kde.org/info/security/advisory-20161006-3.txt
> Via irc you mentioned that non qtwebengine versions are affected by this as
> well, that contradict the versions listed in the advisory message. As you
> know, we are currently using qt 5.6 and messagelib from 16.04, which set of
> patches should we include?

No I misread the CVE. There is nothing to do here.



Attachment: signature.asc
Description: This is a digitally signed message part.


Reply via email to