Re: kmail CVEs and patches
Hey, > I tried to backport the CVE-2016-7966 fix commit to kf 5.26 and it didn't > apply cleanly, it would be nice if the advisory includes the list of the > commits to backport, or maybe a new 5.26.1 kcoreaddons bugfix release. Yes another patch is missing there - I already informed them and hopefully they will update the infos. I also asked if they will ship a updated 5.26 version. > About: https://www.kde.org/info/security/advisory-20161006-3.txt > > Via irc you mentioned that non qtwebengine versions are affected by this as > well, that contradict the versions listed in the advisory message. As you > know, we are currently using qt 5.6 and messagelib from 16.04, which set of > patches should we include? No I misread the CVE. There is nothing to do here. Regards, sandro signature.asc Description: This is a digitally signed message part. -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk
kmail CVEs and patches
Hi, About: https://www.kde.org/info/security/advisory-20161006-1.txt I tried to backport the CVE-2016-7966 fix commit to kf 5.26 and it didn't apply cleanly, it would be nice if the advisory includes the list of the commits to backport, or maybe a new 5.26.1 kcoreaddons bugfix release. About: https://www.kde.org/info/security/advisory-20161006-3.txt Via irc you mentioned that non qtwebengine versions are affected by this as well, that contradict the versions listed in the advisory message. As you know, we are currently using qt 5.6 and messagelib from 16.04, which set of patches should we include? Happy hacking, -- "It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration." -- Edsger W. Dijkstra Saludos /\/\ /\ >< `/ signature.asc Description: PGP signature -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk