[Bug 1629145] Re: Fix CVE-2016-7787

2016-09-29 Thread Simon Quigley
Thanks for your help, Seth! :)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1629145

Title:
  Fix CVE-2016-7787

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kde-cli-tools/+bug/1629145/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 1629145] Re: Fix CVE-2016-7787

2016-09-29 Thread Seth Arnold
Thanks Simon!



[Bug 1629145] Re: Fix CVE-2016-7787

2016-09-29 Thread Launchpad Bug Tracker
This bug was fixed in the package kde-cli-tools - 4:5.5.5-0ubuntu1.1

---
kde-cli-tools (4:5.5.5-0ubuntu1.1) xenial-security; urgency=high

  * SECURITY UPDATE: kdesu may show a different string than it would execute
    with elevated privileges. (LP: #1629145)
    - debian/patches/01-patch-kde-CVE-2016-7787.diff
    - CVE-2016-7787

 -- Simon Quigley   Thu, 29 Sep 2016 18:43:32 -0500

** Changed in: kde-cli-tools (Ubuntu)
   Status: In Progress => Fix Released



[Bug 1629145] Re: Fix CVE-2016-7787

2016-09-29 Thread Simon Quigley
Seth, yes, it works exactly as intended.



[Bug 1629145] Re: Fix CVE-2016-7787

2016-09-29 Thread Seth Arnold
Simon, does kdesu still work as expected?

Thanks



[Bug 1629145] Re: Fix CVE-2016-7787

2016-09-29 Thread Simon Quigley
Hey Seth,

I can confirm that this package does build correctly. I built it
locally.

As for testing, the instructions for reproducing this CVE are not
entirely clear (I don't know what "specially crafted" command they are
referring to, it could be a lot of things). Again, I'm new to this
process and I'm not a security expert of any kind.

This package installs successfully on a fresh, fully updated Kubuntu
16.04 install with no problems.



[Bug 1629145] Re: Fix CVE-2016-7787

2016-09-29 Thread Seth Arnold
Thanks Simon, the patch looks good; I changed the debian/changelog to
match our usual style:

  * SECURITY UPDATE: kdesu may show a different string than it would execute
    with elevated privileges. (LP: #1629145)
    - debian/patches/01-patch-kde-CVE-2016-7787.diff
    - CVE-2016-7787


https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging

Can you confirm that you've built and tested this package?

Thanks

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kde-cli-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1629145

Title:
  Fix CVE-2016-7787

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kde-cli-tools/+bug/1629145/+subscriptions

-- 
kubuntu-bugs mailing list
kubuntu-b...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs


[Bug 1629145] Re: Fix CVE-2016-7787

2016-09-29 Thread Simon Quigley
** Changed in: kde-cli-tools (Ubuntu)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: kde-cli-tools (Ubuntu)
   Status: New => In Progress

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7787



[Bug 1629145] Re: Fix CVE-2016-7787

2016-09-29 Thread Seth Arnold
** Information type changed from Private Security to Public Security
