[Pkg-kde-extras] Bug#881586: marked as done (Konversation CVE-2017-15923)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:19:01 +
with message-id 
and subject line Bug#881586: fixed in konversation 1.5-2+deb8u1
has caused the Debian Bug report #881586,
regarding Konversation CVE-2017-15923
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881586
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: konversation
Tag: security

On Sun, 2017-11-12 at 17:01 -0500, Joseph Bisch wrote:
> Hi,
> 
> See the November 11th security advisory for Konversation at:
> 
> https://konversation.kde.org/
> 
> Reproducer:
> 
> echo $'privmsg \x16\x033\x8e3\x2eqt/\x03e\xe2\x16\n' | nc -l -p 6667
> 
> and then connect to that with Konversation.
> 
> May require ASan or other method of detecting the use after free.

Thanks for the report, I'm adding Pino in the loop but since it's a public
vulnerability you can directly report it to the BTS.

Pino, can you prepare an update for sid, stretch and jessie (with isolated
patches for stable releases)?

Regards,
-- 
Yves-Alexis

--- End Message ---
--- Begin Message ---
Source: konversation
Source-Version: 1.5-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
konversation, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso (supplier of updated konversation package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 13 Nov 2017 16:41:12 +0100
Source: konversation
Binary: konversation konversation-data konversation-dbg
Architecture: all source
Version: 1.5-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian KDE Extras Team 
Changed-By: Salvatore Bonaccorso 
Closes: 881586
Description: 
 konversation - user friendly Internet Relay Chat (IRC) client for KDE
 konversation-data - data files for Konversation
 konversation-dbg - debugging symbols for Konversation
Changes:
 konversation (1.5-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-15923: Crash in parsing IRC color formatting codes
 (Closes: #881586)

-BEGIN PGP SIGNATURE-
[Pkg-kde-extras] Bug#881586: marked as done (Konversation CVE-2017-15923)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:04:15 +
with message-id 
and subject line Bug#881586: fixed in konversation 1.6.2-2+deb9u1
has caused the Debian Bug report #881586,
regarding Konversation CVE-2017-15923
to be marked as done.

--- Begin Message ---
Source: konversation
Source-Version: 1.6.2-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
konversation, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso (supplier of updated konversation package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 13 Nov 2017 16:06:25 +0100
Source: konversation
Binary: konversation konversation-data
Architecture: source
Version: 1.6.2-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian KDE Extras Team 
Changed-By: Salvatore Bonaccorso 
Closes: 881586
Description: 
 konversation - user friendly Internet Relay Chat (IRC) client for KDE
 konversation-data - data files for Konversation
Changes:
 konversation (1.6.2-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-15923: Crash in parsing IRC color formatting codes
 (Closes: #881586)

-BEGIN PGP SIGNATURE-