[Bug 1629145] Re: Fix CVE-2016-7787
Thanks for your help, Seth! :)

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1629145

Title:
  Fix CVE-2016-7787

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kde-cli-tools/+bug/1629145/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629145] Re: Fix CVE-2016-7787
Thanks Simon!
[Bug 1629145] Re: Fix CVE-2016-7787
This bug was fixed in the package kde-cli-tools - 4:5.5.5-0ubuntu1.1

---
kde-cli-tools (4:5.5.5-0ubuntu1.1) xenial-security; urgency=high

  * SECURITY UPDATE: kdesu may show a different string than it would execute
    with elevated privileges. (LP: #1629145)
    - debian/patches/01-patch-kde-CVE-2016-7787.diff
    - CVE-2016-7787

 -- Simon Quigley  Thu, 29 Sep 2016 18:43:32 -0500

** Changed in: kde-cli-tools (Ubuntu)
       Status: In Progress => Fix Released
[Bug 1629145] Re: Fix CVE-2016-7787
Seth, yes, it works exactly as intended.
[Bug 1629145] Re: Fix CVE-2016-7787
Simon, does kdesu still work as expected?

Thanks
[Bug 1629145] Re: Fix CVE-2016-7787
Hey Seth,

I can confirm that this package does build correctly. I built it locally. As for testing, the instructions for reproducing this CVE are not entirely clear (I don't know what "specially crafted" command they are referring to, it could be a lot of things). Again, I'm new to this process and I'm not a security expert of any kind.

This package installs successfully on a fresh, fully updated Kubuntu 16.04 install with no problems.
[Bug 1629145] Re: Fix CVE-2016-7787
Thanks Simon, the patch looks good; I changed the debian/changelog to match our usual style:

  * SECURITY UPDATE: kdesu may show a different string than it would execute
    with elevated privileges. (LP: #1629145)
    - debian/patches/01-patch-kde-CVE-2016-7787.diff
    - CVE-2016-7787

https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging

Can you confirm that you've built and tested this package?

Thanks
[Bug 1629145] Re: Fix CVE-2016-7787
** Changed in: kde-cli-tools (Ubuntu)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: kde-cli-tools (Ubuntu)
       Status: New => In Progress

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7787
[Bug 1629145] Re: Fix CVE-2016-7787
** Information type changed from Private Security to Public Security