Bug#840546: Stable Debdiff For CVE-2016-7966/kdepimlibs

[Scott Kitterman]

On Wednesday, October 12, 2016 09:36:13 PM Salvatore Bonaccorso wrote:
> Hi Scott,
> 
> On Wed, Oct 12, 2016 at 02:56:06PM -0400, Scott Kitterman wrote:
> > Proposed update attached.  It is the exact upstream commit that resolved
> > this issue upstream (relevant code is unchanged from stable) and I have
> > the fix running locally.  I do not have an example of the exploit to
> > verify the adequacy of the fix, but it does appear to be regression free.
> > 
> > I have an upload for jessie-security prepared.
> 
> Thanks, please do upload in this case. Remember to build with -sa,
> since it's the first upload dak on security-master seens for
> kdepimlibs.

Uploaded.

Scott K

signature.asc
Description: This is a digitally signed message part.

kcoreaddons_5.26.0-2_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 07 Oct 2016 22:46:43 +0200
Source: kcoreaddons
Binary: libkf5coreaddons-dev libkf5coreaddons-bin-dev libkf5coreaddons5 
libkf5coreaddons-data
Architecture: source amd64 all
Version: 5.26.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian/Kubuntu Qt/KDE Maintainers 
Changed-By: Debian Qt/KDE Maintainers 
Description:
 libkf5coreaddons-bin-dev - KDE Frameworks 5 addons to QtCore - development 
files
 libkf5coreaddons-data - KDE Frameworks 5 addons to QtCore - data files
 libkf5coreaddons-dev - KDE Frameworks 5 addons to QtCore - development files
 libkf5coreaddons5 - KDE Frameworks 5 addons to QtCore
Closes: 840547
Changes:
 kcoreaddons (5.26.0-2) unstable; urgency=high
 .
   [ Sandro Knauß ]
   * Added patches to fix CVE-2016-7966 (Closes: #840547)
 0001-Fix-very-old-bug-when-we-remove-space-in-url-as-foo-.patch
 0002-Don-t-convert-as-url-an-url-which-has-a.patch
 - Fixes CVE-2016-7966
   https://security-tracker.debian.org/tracker/CVE-2016-7966
Checksums-Sha1:
 15d0a8ce1f767c32879249f9dabb77018c423403 2493 kcoreaddons_5.26.0-2.dsc
 6f18a8cea8acf4adae1cb23697ec992a9e1a2716 14740 
kcoreaddons_5.26.0-2.debian.tar.xz
 ec9966893ac54c91b963d3c59f71065bc58dfd65 399950 
libkf5coreaddons-bin-dev-dbgsym_5.26.0-2_amd64.deb
 6ac683611c9eec7970e6edadedd250139d5ea5c8 35184 
libkf5coreaddons-bin-dev_5.26.0-2_amd64.deb
 2a484f3a76474124793dcc6f8a4323133455d608 101146 
libkf5coreaddons-data_5.26.0-2_all.deb
 45e0feb38a631f7b142a7a0becd8d1d219e891bf 64032 
libkf5coreaddons-dev_5.26.0-2_amd64.deb
 d7692668d9e5acba73cb76deaf976b3493ffe52e 3216404 
libkf5coreaddons5-dbgsym_5.26.0-2_amd64.deb
 9ab6399fcc316ad0a9589b736381518a48b54739 199594 
libkf5coreaddons5_5.26.0-2_amd64.deb
Checksums-Sha256:
 3ade7b493b85c5a285489752c1027917fa53537aa3019ee267588c697da6b679 2493 
kcoreaddons_5.26.0-2.dsc
 17c1d3b3fa45f3e91f8660bee8fa2209282f1f1a6aa0d4dd45e7dd543b820008 14740 
kcoreaddons_5.26.0-2.debian.tar.xz
 6a9a78b4faf6ce5efdf2068a44df5fe0fb1cdbcbecc6a1882a2b92cf9ef1171c 399950 
libkf5coreaddons-bin-dev-dbgsym_5.26.0-2_amd64.deb
 46eff06bd12869beaff6d66cf40dbe61bd3a3df0111c439136afb5997348644b 35184 
libkf5coreaddons-bin-dev_5.26.0-2_amd64.deb
 cfce41e04eb7c622db5b14f218fe46993df716d7581223c0c83c8588d3e66952 101146 
libkf5coreaddons-data_5.26.0-2_all.deb
 3e80a03fe0f0eec94af5b706cb3bdaf7a7611494f01f0cad80c7dd977a6e3150 64032 
libkf5coreaddons-dev_5.26.0-2_amd64.deb
 1d12eb384ad2c5c4829078d55f1d36942b82cff86803c6efc0fec11eb7670bc0 3216404 
libkf5coreaddons5-dbgsym_5.26.0-2_amd64.deb
 2264014ee542897c28787fee5182a4e6a71f59ffa8da7ed7835593f698d00249 199594 
libkf5coreaddons5_5.26.0-2_amd64.deb
Files:
 6f0334c9250f80334d5f969f10500302 2493 libs optional kcoreaddons_5.26.0-2.dsc
 402983c37ba81f225bd48c31feca29ec 14740 libs optional 
kcoreaddons_5.26.0-2.debian.tar.xz
 f77ac31ce80ff2c920ed0b47e2b67f51 399950 debug extra 
libkf5coreaddons-bin-dev-dbgsym_5.26.0-2_amd64.deb
 5d1dc33212a4a066b3d211a39744a26a 35184 libdevel optional 
libkf5coreaddons-bin-dev_5.26.0-2_amd64.deb
 9f552161e6bf799f831e1a88d15add07 101146 libs optional 
libkf5coreaddons-data_5.26.0-2_all.deb
 c118ec71bed3b973dbb116b6988d4c48 64032 libdevel optional 
libkf5coreaddons-dev_5.26.0-2_amd64.deb
 a6d23979ea0e5792fbd863a52915bbf1 3216404 debug extra 
libkf5coreaddons5-dbgsym_5.26.0-2_amd64.deb
 3b51863015e8ef809d9dc052189ce530 199594 libs optional 
libkf5coreaddons5_5.26.0-2_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJX/o5GAAoJEHjX3vua1Zrxp0UP/1EAX/VlSGyvPR6Pa4z/ntGw
lg+qIdsYkvnTbLpW3JbAXrXT90asea76kNEWrG2PH+rmhJOs6vikmub8khPSgg3U
5HjxS/rPMQS/zShxxE8Vc6/GrR47Ro46rULlyCDqNtWRTUsegYt5Hcq+WVIb0z3X
zSFECASSea/oBl2ftH3EZ6NVyLbt2g6BmbVXW6Gxb0pxQifHJaEualad3oFoVm3O
SWVISMHZpyyrXfOU3KuqEvggpj5X7DSRzSAN6XXkm6ubTlCYAAzaXFT59WNSinjw
fhqVL4GIwoN+Fm7M0Kes1TcWviVUkDSRJ0yk133cbdo3C2onVkZ/i4lq6A9VR2yy
VlSiTJykPF5C6ZVIp17KrBwaJMrOt5+DLdima2Jz1o2T7rwtbpVxO2uB9D5dGDaY
RhY1g+SO0H4va1i4y58k+Jf9XFi+BC6nK1D+YHXmmaEtG/V65AVcOSJGbR8HVRiu
miEe10ZGsNWo6+ZQkdMCEi0lO4zlI8jbexWGMmpGQD0pdEoCQNRfQr59LF5XAF8L
VBif3mX2KcY4GMFYRNj0XRLJodPEau0hXTETWvVDS3xoS+ND3M9qvNpKJkhx4fZx
+e64Zgi8qMqLsNGJB5/WZli6ES9cbG/AQpPCux6locsGYJ+aHjoHYgr2xu+lEKsU
I8A0ewC3eFhtbdY+QuxB
=oX3v
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processing of kcoreaddons_5.26.0-2_amd64.changes

[Debian FTP Masters]

kcoreaddons_5.26.0-2_amd64.changes uploaded successfully to localhost
along with the files:
  kcoreaddons_5.26.0-2.dsc
  kcoreaddons_5.26.0-2.debian.tar.xz
  libkf5coreaddons-bin-dev-dbgsym_5.26.0-2_amd64.deb
  libkf5coreaddons-bin-dev_5.26.0-2_amd64.deb
  libkf5coreaddons-data_5.26.0-2_all.deb
  libkf5coreaddons-dev_5.26.0-2_amd64.deb
  libkf5coreaddons5-dbgsym_5.26.0-2_amd64.deb
  libkf5coreaddons5_5.26.0-2_amd64.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

Bug#840547: marked as done (KMail: HTML injection in plain text viewer)

[Debian Bug Tracking System]

Your message dated Wed, 12 Oct 2016 19:34:57 +
with message-id 
and subject line Bug#840547: fixed in kcoreaddons 5.26.0-2
has caused the Debian Bug report #840547,
regarding KMail: HTML injection in plain text viewer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
840547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: kdepimlibs
Version: 4:4.4.5-2
Severity: grave
Tags: security patch upstream
Justification: user security hole

KDE Project Security Advisory
=

Title:  KMail: HTML injection in plain text viewer
Risk Rating:Important
CVE:CVE-2016-7966
Platforms:  All
Versions:   kmail >= 4.4.0
Author: Andre Heinecke 
Date:   6 October 2016

Overview


Through a malicious URL that contained a quote character it
was possible to inject HTML code in KMail's plain text viewer.
Due to the parser used on the URL it was not possible to include
the equal sign (=) or a space into the injected HTML, which greatly
reduces the available HTML functionality. Although it is possible
to include an HTML comment indicator to hide content.

Impact
==

An unauthenticated attacker can send out mails with malicious content
that breaks KMail's plain text HTML escape logic. Due to the limitations
of the provided HTML in itself it might not be serious. But as a way
to break out of KMail's restricted Plain text mode this might open
the way to the exploitation of other vulnerabilities in the HTML viewer
code, which is disabled by default.

Workaround
==

None.

Solution


For KDE Frameworks based releases of KMail apply the following patch to
kcoreaddons:
https://quickgit.kde.org/?p=kcoreaddons.git=commitdiff=96e562d9138c100498da38e4c5b4091a226dde12

For kdelibs4 based releases apply the following patch:
https://quickgit.kde.org/?p=kdepimlibs.git=commitdiff=176fee25ca79145ab5c8e2275d248f1a46a8d8cf

Credits
===

Thanks to Roland Tapken for reporting this issue, Andre Heinecke from
Intevation GmbH for analysing the problems and Laurent Montel for
fixing this issue.
From: Montel Laurent 
Date: Fri, 30 Sep 2016 13:55:35 +
Subject: Backport avoid to transform as a url when we have a quote
X-Git-Url: http://quickgit.kde.org/?p=kdepimlibs.git=commitdiff=176fee25ca79145ab5c8e2275d248f1a46a8d8cf
---
Backport avoid to transform as a url when we have a quote
---


--- a/kpimutils/linklocator.cpp
+++ b/kpimutils/linklocator.cpp
@@ -94,6 +94,12 @@
 }
 
 QString LinkLocator::getUrl()
+{
+return getUrlAndCheckValidHref();
+}
+
+
+QString LinkLocator::getUrlAndCheckValidHref(bool *badurl)
 {
   QString url;
   if ( atUrl() ) {
@@ -129,13 +135,26 @@
 
 url.reserve( maxUrlLen() );  // avoid allocs
 int start = mPos;
+bool previousCharIsADoubleQuote = false;
 while ( ( mPos < (int)mText.length() ) &&
 ( mText[mPos].isPrint() || mText[mPos].isSpace() ) &&
 ( ( afterUrl.isNull() && !mText[mPos].isSpace() ) ||
   ( !afterUrl.isNull() && mText[mPos] != afterUrl ) ) ) {
   if ( !mText[mPos].isSpace() ) {   // skip whitespace
-url.append( mText[mPos] );
-if ( url.length() > maxUrlLen() ) {
+  if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
+  //it's an invalid url
+  if (badurl) {
+  *badurl = true;
+  }
+  return QString();
+  }
+  if (mText[mPos] == QLatin1Char('"')) {
+  previousCharIsADoubleQuote = true;
+  } else {
+  previousCharIsADoubleQuote = false;
+  }
+  url.append( mText[mPos] );
+  if ( url.length() > maxUrlLen() ) {
   break;
 }
   }
@@ -367,7 +386,12 @@
 } else {
   const int start = locator.mPos;
   if ( !( flags & IgnoreUrls ) ) {
-str = locator.getUrl();
+bool badUrl = false;
+str = locator.getUrlAndCheckValidHref();
+if (badUrl) {
+return locator.mText;
+}
+
 if ( !str.isEmpty() ) {
   QString hyperlink;
   if ( str.left( 4 ) == QLatin1String("www.") ) {

--- a/kpimutils/linklocator.h
+++ b/kpimutils/linklocator.h
@@ -107,6 +107,7 @@
   @return The URL at the current scan position, or an empty string.
 */
 QString getUrl();
+QString getUrlAndCheckValidHref(bool *badurl = 0);
 
 /**
   Attempts to 

Bug#840546: Stable Debdiff For CVE-2016-7966/kdepimlibs

[Salvatore Bonaccorso]

Hi Scott,

On Wed, Oct 12, 2016 at 02:56:06PM -0400, Scott Kitterman wrote:
> Proposed update attached.  It is the exact upstream commit that resolved this 
> issue upstream (relevant code is unchanged from stable) and I have the fix 
> running locally.  I do not have an example of the exploit to verify the 
> adequacy of the fix, but it does appear to be regression free.
> 
> I have an upload for jessie-security prepared.

Thanks, please do upload in this case. Remember to build with -sa,
since it's the first upload dak on security-master seens for
kdepimlibs.

Regards,
Salvatore

Bug#840546: Stable Debdiff For CVE-2016-7966/kdepimlibs

[Moritz Muehlenhoff]

B0;115;0cOn Wed, Oct 12, 2016 at 02:56:06PM -0400, Scott Kitterman wrote:
> Proposed update attached.  It is the exact upstream commit that resolved this 
> issue upstream (relevant code is unchanged from stable) and I have the fix 
> running locally.  I do not have an example of the exploit to verify the 
> adequacy of the fix, but it does appear to be regression free.
> 
> I have an upload for jessie-security prepared.

Looks fine, please build with "-sa" and upload to security-master.

Cheers,
Moritz

kdepimlibs_4.14.10-6_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 12 Oct 2016 14:41:12 -0400
Source: kdepimlibs
Binary: kdepimlibs5-dev kdepimlibs-kio-plugins libakonadi-contact4 
libakonadi-kabc4 libakonadi-kcal4 libakonadi-kde4 libakonadi-kmime4 
libakonadi-socialutils4 libakonadi-notes4 libakonadi-xml4 libgpgme++2v5 
libkabc4 libkblog4 libkalarmcal2 libkcal4 libkcalcore4 libkcalutils4 
libkholidays4 libkimap4 libkldap4 libkmbox4 libakonadi-calendar4 libkmime4 
libkontactinterface4a libkpimidentities4 libkpimtextedit4 libkpimutils4 
libkresources4 libktnef4 libkxmlrpcclient4 libmailtransport4 libmicroblog4 
libqgpgme1 libsyndication4 kdepimlibs-dbg
Architecture: source amd64
Version: 4:4.14.10-6
Distribution: unstable
Urgency: high
Maintainer: Debian/Kubuntu Qt/KDE Maintainers 
Changed-By: Scott Kitterman 
Description:
 kdepimlibs-dbg - debugging symbols for the KDE Development Platform PIM 
libraries
 kdepimlibs-kio-plugins - kio slaves used by KDE PIM applications
 kdepimlibs5-dev - development files for the KDE Development Platform PIM 
libraries
 libakonadi-calendar4 - library providing calendar helpers for Akonadi items
 libakonadi-contact4 - Akonadi contacts access library
 libakonadi-kabc4 - Akonadi address book access library
 libakonadi-kcal4 - Akonadi calendar access library
 libakonadi-kde4 - library for using the Akonadi PIM data server
 libakonadi-kmime4 - Akonadi MIME handling library
 libakonadi-notes4 - Akonadi notes access library
 libakonadi-socialutils4 - Akonadi resources for handling social feeds
 libakonadi-xml4 - Akonadi XML helper library
 libgpgme++2v5 - C++ wrapper library for GPGME
 libkabc4   - library for handling address book data
 libkalarmcal2 - library for handling kalarm calendar data
 libkblog4  - client-side support library for web application remote blogging A
 libkcal4   - library for handling calendar data
 libkcalcore4 - library for handling calendar data
 libkcalutils4 - library with utility functions for the handling of calendar 
data
 libkholidays4 - holidays calculation library
 libkimap4  - library for handling IMAP data
 libkldap4  - library for accessing LDAP
 libkmbox4  - library for handling mbox mailboxes
 libkmime4  - library for handling MIME data
 libkontactinterface4a - Kontact interface library
 libkpimidentities4 - library for managing user identities
 libkpimtextedit4 - library that provides a textedit with PIM-specific features
 libkpimutils4 - library for dealing with email addresses
 libkresources4 - KDE Resource framework library
 libktnef4  - library for handling TNEF data
 libkxmlrpcclient4 - simple XML-RPC client library
 libmailtransport4 - mail transport service library
 libmicroblog4 - library for using the Microblog Akonadi Resource
 libqgpgme1 - library for GpgME++ integration with Qt
 libsyndication4 - parser library for RSS and Atom feeds
Closes: 840546
Changes:
 kdepimlibs (4:4.14.10-6) unstable; urgency=high
 .
   * Team upload.
   * CVE-2016-7966 KMail: HTML injection in plain text viewer (Closes: #840546)
 - Avoid transforming as a url in plain text mode when there is a quote
 - Add debian/patches/CVE-2016-7966.diff from upstream
Checksums-Sha1:
 7327a1273193bf258af55a3c2f72aff550dc632c 4661 kdepimlibs_4.14.10-6.dsc
 e55ebc826da194298e304b0415a0b1d0e1c39756 126668 
kdepimlibs_4.14.10-6.debian.tar.xz
 af623a03e59e644fda716fa2584766a492ac4e90 60760280 
kdepimlibs-dbg_4.14.10-6_amd64.deb
 08bb8eaf1a197acce86119c3cf863e0c039434a0 273206 
kdepimlibs-kio-plugins_4.14.10-6_amd64.deb
 fdade4d370770db2381bf331e20711fddb89f06d 541742 
kdepimlibs5-dev_4.14.10-6_amd64.deb
 4583edab82d4948aa57080a37c62d92a9e756bd7 266342 
libakonadi-calendar4_4.14.10-6_amd64.deb
 15fc22874e5034b20b1d2b524d9f53cbf2002890 352334 
libakonadi-contact4_4.14.10-6_amd64.deb
 a4fafdd28c1fb5392f838791361db3e85429bdfc 27704 
libakonadi-kabc4_4.14.10-6_amd64.deb
 df61ef181a788640eb8d08528f52afec399c65fb 33738 
libakonadi-kcal4_4.14.10-6_amd64.deb
 5d9170c84d5b30fe6f520c541aada17f1e8aefdd 896902 
libakonadi-kde4_4.14.10-6_amd64.deb
 d9e3b7a82d1843c5a5fff97a33980aece9554265 118380 
libakonadi-kmime4_4.14.10-6_amd64.deb
 fde45879c4fbffd87c20e7d0bcc1b202fd68cd3b 43736 
libakonadi-notes4_4.14.10-6_amd64.deb
 eb0c2a7682c5f014266703af8f47c1d17e23 64216 
libakonadi-socialutils4_4.14.10-6_amd64.deb
 8934ed1a3d466a6428dc5dbdceb18de8a8adc6a9 50006 
libakonadi-xml4_4.14.10-6_amd64.deb
 61a1a6cdecf2f11555f11da45adbb0fe3406486d 126414 
libgpgme++2v5_4.14.10-6_amd64.deb
 e0f16989c9046b140580e6a102abb0cfde5258b8 323480 libkabc4_4.14.10-6_amd64.deb
 9b77e1f906cb42b65cbee2769c784d6aadebf785 151590 
libkalarmcal2_4.14.10-6_amd64.deb
 1298b022b40d03f8538052a5128fbc9f4815683b 117520 libkblog4_4.14.10-6_amd64.deb
 021b5eb468f6b7c862cf69555a7153d9630fab4b 382286 libkcal4_4.14.10-6_amd64.deb
 9545a480cd633928ad67a89f106965998bea56a7 283218 
libkcalcore4_4.14.10-6_amd64.deb
 

Processing of kdepimlibs_4.14.10-6_amd64.changes

[Debian FTP Masters]

kdepimlibs_4.14.10-6_amd64.changes uploaded successfully to localhost
along with the files:
  kdepimlibs_4.14.10-6.dsc
  kdepimlibs_4.14.10-6.debian.tar.xz
  kdepimlibs-dbg_4.14.10-6_amd64.deb
  kdepimlibs-kio-plugins_4.14.10-6_amd64.deb
  kdepimlibs5-dev_4.14.10-6_amd64.deb
  libakonadi-calendar4_4.14.10-6_amd64.deb
  libakonadi-contact4_4.14.10-6_amd64.deb
  libakonadi-kabc4_4.14.10-6_amd64.deb
  libakonadi-kcal4_4.14.10-6_amd64.deb
  libakonadi-kde4_4.14.10-6_amd64.deb
  libakonadi-kmime4_4.14.10-6_amd64.deb
  libakonadi-notes4_4.14.10-6_amd64.deb
  libakonadi-socialutils4_4.14.10-6_amd64.deb
  libakonadi-xml4_4.14.10-6_amd64.deb
  libgpgme++2v5_4.14.10-6_amd64.deb
  libkabc4_4.14.10-6_amd64.deb
  libkalarmcal2_4.14.10-6_amd64.deb
  libkblog4_4.14.10-6_amd64.deb
  libkcal4_4.14.10-6_amd64.deb
  libkcalcore4_4.14.10-6_amd64.deb
  libkcalutils4_4.14.10-6_amd64.deb
  libkholidays4_4.14.10-6_amd64.deb
  libkimap4_4.14.10-6_amd64.deb
  libkldap4_4.14.10-6_amd64.deb
  libkmbox4_4.14.10-6_amd64.deb
  libkmime4_4.14.10-6_amd64.deb
  libkontactinterface4a_4.14.10-6_amd64.deb
  libkpimidentities4_4.14.10-6_amd64.deb
  libkpimtextedit4_4.14.10-6_amd64.deb
  libkpimutils4_4.14.10-6_amd64.deb
  libkresources4_4.14.10-6_amd64.deb
  libktnef4_4.14.10-6_amd64.deb
  libkxmlrpcclient4_4.14.10-6_amd64.deb
  libmailtransport4_4.14.10-6_amd64.deb
  libmicroblog4_4.14.10-6_amd64.deb
  libqgpgme1_4.14.10-6_amd64.deb
  libsyndication4_4.14.10-6_amd64.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

Re: Calligra stable releases not in Debian stable Jessi

[Jaroslaw Staniek]

On 8 October 2016 at 15:20, Maximiliano Curia  wrote:

> ¡Hola Jaroslaw!
>
> El 2016-10-01 a las 00:43 +0200, Jaroslaw Staniek escribió:
>
>> On 1 October 2016 at 00:18, Nicolás Alvarez 
>> wrote:
>>
>>> 2016-09-30 6:31 GMT-03:00 Jaroslaw Staniek :
>>>
>> Honestly, we know via telemetrics that more than needed users run
>> outdated software.
>>
>
> What kind of telemetrics are these?
>

​Overview and stats here:​
​https://blogs.kde.org/2013/12/09/usage-stats
​


-- 
regards, Jaroslaw Staniek

KDE:
: A world-wide network of software engineers, artists, writers, translators
: and facilitators committed to Free Software development - http://kde.org
Calligra Suite:
: A graphic art and office suite - http://calligra.org
Kexi:
: A visual database apps builder - http://calligra.org/kexi
Qt Certified Specialist:
: http://www.linkedin.com/in/jstaniek

Bug#840546: marked as done (KMail: HTML injection in plain text viewer)

[Debian Bug Tracking System]

Your message dated Wed, 12 Oct 2016 19:19:32 +
with message-id 
and subject line Bug#840546: fixed in kdepimlibs 4:4.14.10-6
has caused the Debian Bug report #840546,
regarding KMail: HTML injection in plain text viewer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
840546: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840546
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: kdepimlibs
Version: 4:4.4.5-2
Severity: grave
Tags: security patch upstream
Justification: user security hole

KDE Project Security Advisory
=

Title:  KMail: HTML injection in plain text viewer
Risk Rating:Important
CVE:CVE-2016-7966
Platforms:  All
Versions:   kmail >= 4.4.0
Author: Andre Heinecke 
Date:   6 October 2016

Overview


Through a malicious URL that contained a quote character it
was possible to inject HTML code in KMail's plain text viewer.
Due to the parser used on the URL it was not possible to include
the equal sign (=) or a space into the injected HTML, which greatly
reduces the available HTML functionality. Although it is possible
to include an HTML comment indicator to hide content.

Impact
==

An unauthenticated attacker can send out mails with malicious content
that breaks KMail's plain text HTML escape logic. Due to the limitations
of the provided HTML in itself it might not be serious. But as a way
to break out of KMail's restricted Plain text mode this might open
the way to the exploitation of other vulnerabilities in the HTML viewer
code, which is disabled by default.

Workaround
==

None.

Solution


For KDE Frameworks based releases of KMail apply the following patch to
kcoreaddons:
https://quickgit.kde.org/?p=kcoreaddons.git=commitdiff=96e562d9138c100498da38e4c5b4091a226dde12

For kdelibs4 based releases apply the following patch:
https://quickgit.kde.org/?p=kdepimlibs.git=commitdiff=176fee25ca79145ab5c8e2275d248f1a46a8d8cf

Credits
===

Thanks to Roland Tapken for reporting this issue, Andre Heinecke from
Intevation GmbH for analysing the problems and Laurent Montel for
fixing this issue.
From: Montel Laurent 
Date: Fri, 30 Sep 2016 13:55:35 +
Subject: Backport avoid to transform as a url when we have a quote
X-Git-Url: http://quickgit.kde.org/?p=kdepimlibs.git=commitdiff=176fee25ca79145ab5c8e2275d248f1a46a8d8cf
---
Backport avoid to transform as a url when we have a quote
---


--- a/kpimutils/linklocator.cpp
+++ b/kpimutils/linklocator.cpp
@@ -94,6 +94,12 @@
 }
 
 QString LinkLocator::getUrl()
+{
+return getUrlAndCheckValidHref();
+}
+
+
+QString LinkLocator::getUrlAndCheckValidHref(bool *badurl)
 {
   QString url;
   if ( atUrl() ) {
@@ -129,13 +135,26 @@
 
 url.reserve( maxUrlLen() );  // avoid allocs
 int start = mPos;
+bool previousCharIsADoubleQuote = false;
 while ( ( mPos < (int)mText.length() ) &&
 ( mText[mPos].isPrint() || mText[mPos].isSpace() ) &&
 ( ( afterUrl.isNull() && !mText[mPos].isSpace() ) ||
   ( !afterUrl.isNull() && mText[mPos] != afterUrl ) ) ) {
   if ( !mText[mPos].isSpace() ) {   // skip whitespace
-url.append( mText[mPos] );
-if ( url.length() > maxUrlLen() ) {
+  if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
+  //it's an invalid url
+  if (badurl) {
+  *badurl = true;
+  }
+  return QString();
+  }
+  if (mText[mPos] == QLatin1Char('"')) {
+  previousCharIsADoubleQuote = true;
+  } else {
+  previousCharIsADoubleQuote = false;
+  }
+  url.append( mText[mPos] );
+  if ( url.length() > maxUrlLen() ) {
   break;
 }
   }
@@ -367,7 +386,12 @@
 } else {
   const int start = locator.mPos;
   if ( !( flags & IgnoreUrls ) ) {
-str = locator.getUrl();
+bool badUrl = false;
+str = locator.getUrlAndCheckValidHref();
+if (badUrl) {
+return locator.mText;
+}
+
 if ( !str.isEmpty() ) {
   QString hyperlink;
   if ( str.left( 4 ) == QLatin1String("www.") ) {

--- a/kpimutils/linklocator.h
+++ b/kpimutils/linklocator.h
@@ -107,6 +107,7 @@
   @return The URL at the current scan position, or an empty string.
 */
 QString getUrl();
+QString getUrlAndCheckValidHref(bool *badurl = 0);
 
 /**
   Attempts to 

kdepimlibs_4.14.10-2_amd64.changes REJECTED

[Debian FTP Masters]

Version check failed:
Your upload included the source package kdepimlibs, version 4:4.14.10-2,
however testing already has version 4:4.14.10-5.
Uploads to unstable must have a higher version than present in testing.

===

Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.

Processing of kdepimlibs_4.14.10-2_amd64.changes

[Debian FTP Masters]

kdepimlibs_4.14.10-2_amd64.changes uploaded successfully to localhost
along with the files:
  kdepimlibs_4.14.10-2.dsc
  kdepimlibs_4.14.10-2.debian.tar.xz
  kdepimlibs-dbg_4.14.10-2_amd64.deb
  kdepimlibs-kio-plugins_4.14.10-2_amd64.deb
  kdepimlibs5-dev_4.14.10-2_amd64.deb
  libakonadi-calendar4_4.14.10-2_amd64.deb
  libakonadi-contact4_4.14.10-2_amd64.deb
  libakonadi-kabc4_4.14.10-2_amd64.deb
  libakonadi-kcal4_4.14.10-2_amd64.deb
  libakonadi-kde4_4.14.10-2_amd64.deb
  libakonadi-kmime4_4.14.10-2_amd64.deb
  libakonadi-notes4_4.14.10-2_amd64.deb
  libakonadi-socialutils4_4.14.10-2_amd64.deb
  libakonadi-xml4_4.14.10-2_amd64.deb
  libgpgme++2v5_4.14.10-2_amd64.deb
  libkabc4_4.14.10-2_amd64.deb
  libkalarmcal2_4.14.10-2_amd64.deb
  libkblog4_4.14.10-2_amd64.deb
  libkcal4_4.14.10-2_amd64.deb
  libkcalcore4_4.14.10-2_amd64.deb
  libkcalutils4_4.14.10-2_amd64.deb
  libkholidays4_4.14.10-2_amd64.deb
  libkimap4_4.14.10-2_amd64.deb
  libkldap4_4.14.10-2_amd64.deb
  libkmbox4_4.14.10-2_amd64.deb
  libkmime4_4.14.10-2_amd64.deb
  libkontactinterface4a_4.14.10-2_amd64.deb
  libkpimidentities4_4.14.10-2_amd64.deb
  libkpimtextedit4_4.14.10-2_amd64.deb
  libkpimutils4_4.14.10-2_amd64.deb
  libkresources4_4.14.10-2_amd64.deb
  libktnef4_4.14.10-2_amd64.deb
  libkxmlrpcclient4_4.14.10-2_amd64.deb
  libmailtransport4_4.14.10-2_amd64.deb
  libmicroblog4_4.14.10-2_amd64.deb
  libqgpgme1_4.14.10-2_amd64.deb
  libsyndication4_4.14.10-2_amd64.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

Processed: found 840547 in 5.7.0-1

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 840547 5.7.0-1
Bug #840547 [kcoreaddons] KMail: HTML injection in plain text viewer
There is no source info for the package 'kcoreaddons' at version '5.7.0-1' with 
architecture ''
Unable to make a source version for version '5.7.0-1'
Marked as found in versions 5.7.0-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
840547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 840547

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 840547 + pending
Bug #840547 [kcoreaddons] KMail: HTML injection in plain text viewer
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
840547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 840547

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 840547 - patch
Bug #840547 [kcoreaddons] KMail: HTML injection in plain text viewer
Removed tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
840547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: cloning 840546

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> clone 840546 -1
Bug #840546 [kdepimlibs] KMail: HTML injection in plain text viewer
Bug 840546 cloned as bug 840547
> reassign -1 kcoreaddons 5.0
Bug #840547 [kdepimlibs] KMail: HTML injection in plain text viewer
Bug reassigned from package 'kdepimlibs' to 'kcoreaddons'.
No longer marked as found in versions 4:4.4.5-2.
Ignoring request to alter fixed versions of bug #840547 to the same values 
previously set
Bug #840547 [kcoreaddons] KMail: HTML injection in plain text viewer
There is no source info for the package 'kcoreaddons' at version '5.0' with 
architecture ''
Unable to make a source version for version '5.0'
Marked as found in versions 5.0.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
840546: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840546
840547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#840546: KMail: HTML injection in plain text viewer

[Scott Kitterman]

Package: kdepimlibs
Version: 4:4.4.5-2
Severity: grave
Tags: security patch upstream
Justification: user security hole

KDE Project Security Advisory
=

Title:  KMail: HTML injection in plain text viewer
Risk Rating:Important
CVE:CVE-2016-7966
Platforms:  All
Versions:   kmail >= 4.4.0
Author: Andre Heinecke 
Date:   6 October 2016

Overview


Through a malicious URL that contained a quote character it
was possible to inject HTML code in KMail's plain text viewer.
Due to the parser used on the URL it was not possible to include
the equal sign (=) or a space into the injected HTML, which greatly
reduces the available HTML functionality. Although it is possible
to include an HTML comment indicator to hide content.

Impact
==

An unauthenticated attacker can send out mails with malicious content
that breaks KMail's plain text HTML escape logic. Due to the limitations
of the provided HTML in itself it might not be serious. But as a way
to break out of KMail's restricted Plain text mode this might open
the way to the exploitation of other vulnerabilities in the HTML viewer
code, which is disabled by default.

Workaround
==

None.

Solution


For KDE Frameworks based releases of KMail apply the following patch to
kcoreaddons:
https://quickgit.kde.org/?p=kcoreaddons.git=commitdiff=96e562d9138c100498da38e4c5b4091a226dde12

For kdelibs4 based releases apply the following patch:
https://quickgit.kde.org/?p=kdepimlibs.git=commitdiff=176fee25ca79145ab5c8e2275d248f1a46a8d8cf

Credits
===

Thanks to Roland Tapken for reporting this issue, Andre Heinecke from
Intevation GmbH for analysing the problems and Laurent Montel for
fixing this issue.
From: Montel Laurent 
Date: Fri, 30 Sep 2016 13:55:35 +
Subject: Backport avoid to transform as a url when we have a quote
X-Git-Url: http://quickgit.kde.org/?p=kdepimlibs.git=commitdiff=176fee25ca79145ab5c8e2275d248f1a46a8d8cf
---
Backport avoid to transform as a url when we have a quote
---


--- a/kpimutils/linklocator.cpp
+++ b/kpimutils/linklocator.cpp
@@ -94,6 +94,12 @@
 }
 
 QString LinkLocator::getUrl()
+{
+return getUrlAndCheckValidHref();
+}
+
+
+QString LinkLocator::getUrlAndCheckValidHref(bool *badurl)
 {
   QString url;
   if ( atUrl() ) {
@@ -129,13 +135,26 @@
 
 url.reserve( maxUrlLen() );  // avoid allocs
 int start = mPos;
+bool previousCharIsADoubleQuote = false;
 while ( ( mPos < (int)mText.length() ) &&
 ( mText[mPos].isPrint() || mText[mPos].isSpace() ) &&
 ( ( afterUrl.isNull() && !mText[mPos].isSpace() ) ||
   ( !afterUrl.isNull() && mText[mPos] != afterUrl ) ) ) {
   if ( !mText[mPos].isSpace() ) {   // skip whitespace
-url.append( mText[mPos] );
-if ( url.length() > maxUrlLen() ) {
+  if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
+  //it's an invalid url
+  if (badurl) {
+  *badurl = true;
+  }
+  return QString();
+  }
+  if (mText[mPos] == QLatin1Char('"')) {
+  previousCharIsADoubleQuote = true;
+  } else {
+  previousCharIsADoubleQuote = false;
+  }
+  url.append( mText[mPos] );
+  if ( url.length() > maxUrlLen() ) {
   break;
 }
   }
@@ -367,7 +386,12 @@
 } else {
   const int start = locator.mPos;
   if ( !( flags & IgnoreUrls ) ) {
-str = locator.getUrl();
+bool badUrl = false;
+str = locator.getUrlAndCheckValidHref();
+if (badUrl) {
+return locator.mText;
+}
+
 if ( !str.isEmpty() ) {
   QString hyperlink;
   if ( str.left( 4 ) == QLatin1String("www.") ) {

--- a/kpimutils/linklocator.h
+++ b/kpimutils/linklocator.h
@@ -107,6 +107,7 @@
   @return The URL at the current scan position, or an empty string.
 */
 QString getUrl();
+QString getUrlAndCheckValidHref(bool *badurl = 0);
 
 /**
   Attempts to grab an email address. If there is an @ symbol at the
@@ -155,7 +156,7 @@
 */
 static QString pngToDataUrl( const QString & iconPath );
 
-  protected:
+protected:
 /**
   The plaintext string being scanned for URLs and email addresses.
 */

Bug#797999: more debug info

[Eric Valette]

On 10/12/2016 11:44 AM, Eric Valette wrote:

On 10/12/2016 10:57 AM, Eric Valette wrote:

On 10/11/2016 04:22 PM, Eric Valette wrote:

On 10/11/2016 04:10 PM, Dominique Dumont wrote:



Could you try that on your side ?

I can do the test but I never open the lid when docked so this will not
be my use case and this means also modifying my xorg.conf.


Once session is initialized with kdm, in system settings-> display and
monitor, I have DP4 on at 1920x1200 (as reported by xrandr even when
failing) and DP3 off.


I tried to let the lid open with my actual xorg.conf and rebooted, both
screen go black. I can still switch to laptop lid in text mode using
ctrl-alt-f1. I loged to my accound, killed sddm service and did a
startx, and the kde session shows up correctly on the external monitor
and laptop screen goes black.



I was in a meeting so undocked my laptop and by curiosity completely 
removed the xorg.conf and tried sddm. Even in this simpliest config it 
fails and the screen goes black after displaying the Nvidia logo 
(usually I use the No Logo option but as xorg.conf was empty). I got 
sddm errors in /var/run/sddm.log. It says the greeter can't open the 
display.


So probably the problem is not the docking and the external monitor. 
Compared to other working setup with same software stack (legacy 340 
nvidia driver), the only thing I can see that differs is the fact that 
the laptop lid is wired via DisplayPort versus HDMI.


xrandr on this config when started via kdm
Screen 0: minimum 8 x 8, current 1440 x 900, maximum 8192 x 8192
VGA-0 disconnected (normal left inverted right x axis y axis)
DP-0 disconnected (normal left inverted right x axis y axis)
DP-1 disconnected (normal left inverted right x axis y axis)
DP-2 disconnected (normal left inverted right x axis y axis)
DP-3 connected primary 1440x900+0+0 (normal left inverted right x axis y 
axis) 304mm x 190mm

   1440x900  59.96*+  39.96
DP-4 disconnected (normal left inverted right x axis y axis)



--eric

Bug#839715: systemtray: Network Widget in Systemtray: 2 Buttons without any description or Icon

[Maximiliano Curia]

Control: tag -1 + confirmed
Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=370541

¡Hola Maria!

El 2016-10-04 a las 11:15 +0200, Maria escribió:
Package: plasma-workspace 
Version: 4:5.7.4-1 
Severity: normal 
File: systemtray


as shown in the attached screenshot the two buttons of the network widget in 
the systemtray don't have any description or icon. 
They would be helpful. :)


I could reproduce this issue when switching to the oxygen icon theme, and 
forwarded this report upstream. You might want to switch to the breeze icon 
theme, which is the current default.


(only one icon was missing for me when using 5.8.0)

Happy hacking,
--
"It is practically impossible to teach good programming to students that have
had a prior exposure to BASIC: as potential programmers they are mentally
mutilated beyond hope of regeneration."
-- Edsger W. Dijkstra
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature

Processed: Re: Bug#839715: systemtray: Network Widget in Systemtray: 2 Buttons without any description or Icon

[Debian Bug Tracking System]

Processing control commands:

> tag -1 + confirmed
Bug #839715 [plasma-workspace] systemtray: Network Widget in Systemtray: 2 
Buttons without any description or Icon
Added tag(s) confirmed.
> forwarded -1 https://bugs.kde.org/show_bug.cgi?id=370541
Bug #839715 [plasma-workspace] systemtray: Network Widget in Systemtray: 2 
Buttons without any description or Icon
Set Bug forwarded-to-address to 'https://bugs.kde.org/show_bug.cgi?id=370541'.

-- 
839715: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839715
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#797999: more debug info

[Eric Valette]

On 10/12/2016 10:57 AM, Eric Valette wrote:

On 10/11/2016 04:22 PM, Eric Valette wrote:

On 10/11/2016 04:10 PM, Dominique Dumont wrote:



Could you try that on your side ?

I can do the test but I never open the lid when docked so this will not
be my use case and this means also modifying my xorg.conf.


Once session is initialized with kdm, in system settings-> display and
monitor, I have DP4 on at 1920x1200 (as reported by xrandr even when
failing) and DP3 off.


I tried to let the lid open with my actual xorg.conf and rebooted, both 
screen go black. I can still switch to laptop lid in text mode using 
ctrl-alt-f1. I loged to my accound, killed sddm service and did a 
startx, and the kde session shows up correctly on the external monitor 
and laptop screen goes black.


Could you try to use nvidia-settings to disable your laptop screen, via 
the X Server Display Configuration menu and use save X configuration 
file (in /tmp/xorg.conf) back up you actual /etx/X11/xorg.conf if you 
have one and then replace your working dual screen conf by the 
/tmp/xorg.conf


NB : actually the xorg.conf file generated is not perfect it misses the 
config for the second monitor, and still use the laptop screen 
identifier in the Screen section while adding the external monitor config



dpkg -s nvidia-settings-legacy-340xx
Package: nvidia-settings-legacy-340xx
Status: install ok installed
Priority: optional
Section: contrib/x11
Installed-Size: 1861
Maintainer: Debian NVIDIA Maintainers 


Architecture: amd64
Version: 340.93-1
Depends: pkg-config, nvidia-legacy-340xx-alternative, libc6 (>= 2.14), 
libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.12.0), libgtk2.0-0 
(>= 2.8.0), libjansson4 (>= 2.3), libpango-1.0-0 (>= 1.14.0), libx11-6 
(>= 2:1.4.99.1), libxext6, libxxf86vm1

Pre-Depends: nvidia-installer-cleanup
Recommends: libgl1-nvidia-legacy-340xx-glx
Breaks: nvidia-alternative (<< 313.30-2), 
nvidia-alternative-legacy-173xx (<< 173.14.37), 
nvidia-alternative-legacy-96xx (<< 96.43.23-4)
Description: tool for configuring the NVIDIA graphics driver (340xx 
legacy version)

 The nvidia-settings utility is a tool for configuring the NVIDIA
 Linux graphics driver.  It operates by communicating with the NVIDIA
 X driver, querying and updating state as appropriate.  This
 communication is done with the NV-CONTROL X extension.
 .
 Values such as brightness and gamma, XVideo attributes, temperature,
 and OpenGL settings can be queried and configured via nvidia-settings.
Homepage: ftp://download.nvidia.com/XFree86/nvidia-settings/

Bug#797999: We are now more than one year later and this critical bug is not fixed

[Eric Valette]

On 10/11/2016 04:22 PM, Eric Valette wrote:

On 10/11/2016 04:10 PM, Dominique Dumont wrote:



Could you try that on your side ?

I can do the test but I never open the lid when docked so this will not
be my use case and this means also modifying my xorg.conf.


Once session is initialized with kdm, in system settings-> display and 
monitor, I have DP4 on at 1920x1200 (as reported by xrandr even when 
failing) and DP3 off.


--eric

Bug#840478: ksmserver: autostart service "/usr/bin/conky" finished with exit code 0

[Maximiliano Curia]

Control: reassign -1 plasma-workspace 4:5.8.0-1
Control: severity -1 minor
Control: tag -1 + confirmed
Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=370528

¡Hola allan!

El 2016-10-11 a las 17:55 -0400, allan grossman escribió:
Package: kde-baseapps-bin 
Version: 4:16.08.0-1 
Severity: important



  * What led up to the situation?



Upgraded Debian Unstable today.

  * What exactly did you do (or not do) that was effective (or 
ineffective)?


Rebooted machine and started KDE as normal.  conky refused to start and 
.xsession-errors gave the error above.  Starting conky in a terminal window or 
with krunner works, it just won't autostart.



ksmserver: autostart service "/usr/bin/conky" finished with exit code  0


A similar report with some workarounds can be found in:
https://bbs.archlinux.org/viewtopic.php?id=217920

The problem seems to be that conky's stderr is closed when started from the 
autostart in daemonize mode. Redirecting stderr or not daemonizing solves the 
problem.


Please note that using stderr after daemonizing a process is usualy a bad 
practice, and conky should at least check for errors when writting to it before 
bailing out. (Consider a daemon started from a terminal, what happens when the 
user closes the terminal?)



  * What was the outcome of this action?

As mentioned, conky exits.

  * What outcome did you expect instead?

Expected conky to autostart.


*** /home/wizard/.config/autostart/conky.desktop 
[Desktop Entry]
Exec=/usr/bin/conky -d 
Icon=system-run 
Path=



[Desktop Entry]
Exec=/usr/bin/conky -d 
Icon=system-run 
Path= 
Terminal=false 
Type=Application


Your desktop file seems to list two desktop entries, this seems to be wrong.

--
"When explaining a command, or language feature, or hardware widget, first
describe the problem it is designed to solve."
-- David Martin
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature

Processed: Re: Bug#840478: ksmserver: autostart service "/usr/bin/conky" finished with exit code 0

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 plasma-workspace 4:5.8.0-1
Bug #840478 [kde-baseapps-bin] ksmserver: autostart service "/usr/bin/conky" 
finished with exit code  0
Bug reassigned from package 'kde-baseapps-bin' to 'plasma-workspace'.
No longer marked as found in versions kde-baseapps/4:16.08.0-1.
Ignoring request to alter fixed versions of bug #840478 to the same values 
previously set
Bug #840478 [plasma-workspace] ksmserver: autostart service "/usr/bin/conky" 
finished with exit code  0
Marked as found in versions plasma-workspace/4:5.8.0-1.
> severity -1 minor
Bug #840478 [plasma-workspace] ksmserver: autostart service "/usr/bin/conky" 
finished with exit code  0
Severity set to 'minor' from 'important'
> tag -1 + confirmed
Bug #840478 [plasma-workspace] ksmserver: autostart service "/usr/bin/conky" 
finished with exit code  0
Added tag(s) confirmed.
> forwarded -1 https://bugs.kde.org/show_bug.cgi?id=370528
Bug #840478 [plasma-workspace] ksmserver: autostart service "/usr/bin/conky" 
finished with exit code  0
Set Bug forwarded-to-address to 'https://bugs.kde.org/show_bug.cgi?id=370528'.

-- 
840478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840478
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems