Re: Crash in Qt 5.12.2

2019-10-24 Thread Robert Loehning
On 23.10.19 at 09:29, Alex Murray wrote:
> 
> On Wed, 2019-10-23 at 17:32:58 +1030, Robert Loehning wrote:
> 
>> On 22.10.19 at 18:41, Dmitry Shachnev wrote:
>>> Hi again Robert,
>>>
>>> On Fri, Oct 18, 2019 at 02:14:01PM +, Robert Loehning wrote:
>>>> Hi,
>>>>
>>>> every application based on Qt will crash when opening a crafted plain
>>>> text file. Could you please add the patch below to your builds to fix this?
>>>>
>>>> Thank you and have a nice weekend.
>>>
>>> Let me forward you a question I got on the bug:
>>>
>>> https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1848784/comments/1
>>>
>>>   This would appear to have security implications since I imagine if an email
>>>   were sent to a KMail recipient which was crafted in this same way it would
>>>   crash KMail? If this is likely true a CVE should be requested from MITRE via
>>>   https://cveform.mitre.org/ so that other distros etc can ensure they ship
>>>   this patch too.
>>>
>>> What do you think about this?
>>>
>>> --
>>> Dmitry Shachnev
>>>
>>
>> Hi Dmitry,
>>
>> this is most probably right. I expect that it's possible to crash KMail
>> in that way. With Quassel, it was already used ITW.
>>
>> I don't think I'm authorized to send you such a crafted file, but if you
>> look closely at the test for the attached fix, you can probably figure
>> it out yourself.
>>
>> I'm not aware of an existing CVE for this issue, though.
> 
> FYI - I have just submitted a CVE application for this to MITRE so that
> all distros can be notified of, and backport the fix as appropriate.

Wonderful! Thank you so much!

Cheers,
Robert
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss


Re: Crash in Qt 5.12.2

2019-10-24 Thread Dmitry Shachnev
Hi again Robert,

On Fri, Oct 18, 2019 at 02:14:01PM +, Robert Loehning wrote:
> Hi,
>
> every application based on Qt will crash when opening a crafted plain
> text file. Could you please add the patch below to your builds to fix this?
>
> Thank you and have a nice weekend.

Let me forward you a question I got on the bug:

https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1848784/comments/1

  This would appear to have security implications since I imagine if an email
  were sent to a KMail recipient which was crafted in this same way it would
  crash KMail? If this is likely true a CVE should be requested from MITRE via
  https://cveform.mitre.org/ so that other distros etc can ensure they ship
  this patch too.

What do you think about this?

--
Dmitry Shachnev
