** Changed in: kcoreaddons (Ubuntu Precise)
Assignee: Simon Quigley (tsimonq2) => (unassigned)
** Changed in: kcoreaddons (Ubuntu Xenial)
Assignee: Simon Quigley (tsimonq2) => (unassigned)
** Changed in: kdepimlibs (Ubuntu Trusty)
Assignee: Simon Quigley (tsimonq2) => (unassigned)
This bug was fixed in the package kdepimlibs - 4:4.13.3-0ubuntu0.4
---
kdepimlibs (4:4.13.3-0ubuntu0.4) trusty-security; urgency=high
* SECURITY UPDATE: KMail: HTML injection in plain text viewer (LP: #1630700)
- CVE-2016-7966
- The security vulnerability was not completely
This bug was fixed in the package kcoreaddons - 5.18.0-0ubuntu1.1
---
kcoreaddons (5.18.0-0ubuntu1.1) xenial-security; urgency=high
* SECURITY UPDATE: KMail - HTML injection in plain text viewer
(LP: #1630700)
- CVE-2016-7966
- CVE-2016-7966_1.patch - 1be727 from
Here is a follow-up patch for kdepimlibs in Trusty applicable to
4.13.3-0ubuntu0.3 that addresses some general feedback I have received
on other bug reports. This shouldn't need any new testing because this
is technically the same as the last debdiff.
** Patch added: "2-4.13.3-0ubuntu0.4.debdiff"
Here's a debdiff for kcoreaddons in Xenial applicable to
5.18.0-0ubuntu1. I tested it and it works fine.
** Patch added: "1-5.18.0-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/kdepimlibs/+bug/1630700/+attachment/4931056/+files/1-5.18.0-0ubuntu1.1.debdiff
Attached is a debdiff for kdepimlibs in Trusty applicable to
4.13.3-0ubuntu0.3. I tested this on a fresh Kubuntu 14.04 LTS install
and it works fine.
** Patch added: "1-4.13.3-0ubuntu0.4.debdiff"
** Summary changed:
- CVE - KMail - HTML injection in plain text viewer
+ [CVE] KMail - HTML injection in plain text viewer
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdepimlibs in Ubuntu.
https://bugs.launchpad.net/bugs/1630700
As shown in the bug description edit, this bug is not 100% fixed yet.
I'm working on fixes.
Title:
CVE - KMail - HTML injection
** Also affects: kdepimlibs (Ubuntu)
Importance: Undecided
Status: New
** No longer affects: kdepimlibs (Ubuntu Precise)
** Changed in: kdepimlibs (Ubuntu Trusty)
Status: New => In Progress
** Changed in: kdepimlibs (Ubuntu Trusty)
Assignee: (unassigned) => Simon Quigley
** Changed in: kcoreaddons (Ubuntu Xenial)
Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: kcoreaddons (Ubuntu Xenial)
Status: Confirmed => In Progress
** Description changed:
KDE Project Security Advisory
=
- Title:
Unsubscribing ubuntu-security-sponsors for now since there is nothing to
sponsor. Once a debdiff is attached, please re-subscribe the group.
Thanks!
** Changed in: kcoreaddons (Ubuntu Trusty)
Status: New => Fix Released
** Changed in: kcoreaddons (Ubuntu Precise)
Status: In
** Changed in: kcoreaddons (Ubuntu Xenial)
Importance: Undecided => High
** Changed in: kcoreaddons (Ubuntu Trusty)
Importance: Undecided => High
** Changed in: kcoreaddons (Ubuntu Precise)
Importance: Undecided => High
This bug was fixed in the package kcoreaddons - 5.26.0-0ubuntu2
---
kcoreaddons (5.26.0-0ubuntu2) yakkety; urgency=medium
* SECURITY UPDATE: KMail - HTML injection in plain text viewer
(LP: #1630700)
- debian/patches/0001-Fix-very-old-bug-when-we-remove-space-in-
** Changed in: kcoreaddons (Ubuntu Precise)
Status: New => In Progress
** Changed in: kcoreaddons (Ubuntu Precise)
Assignee: (unassigned) => Simon Quigley (tsimonq2)
The attachment "precise.debdiff" seems to be a debdiff. The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff. If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if
** Also affects: kcoreaddons (Ubuntu Yakkety)
Importance: High
Assignee: Simon Quigley (tsimonq2)
Status: In Progress
** Also affects: kcoreaddons (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: kcoreaddons (Ubuntu Yakkety)
Assignee: Simon Quigley
** Also affects: kcoreaddons (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: kcoreaddons (Ubuntu Trusty)
Importance: Undecided
Status: New
[18:18:58] infinity: Kubuntu would like to get a security fix in
before release:
https://anonscm.debian.org/git/pkg-kde/frameworks/kcoreaddons.git/commit/?id=ab7258dd8a87668ba63c585a69f41f291254aa43
[18:19:26] ScottK: Security fixes welcome.
[18:19:39] K. Thanks.
Debian patch - https://anonscm.debian.org/git/pkg-kde/frameworks/kcoreaddons.git/commit/?id=ab7258dd8a87668ba63c585a69f41f291254aa43
** Information type changed from Private Security to Public Security