This bug was fixed in the package kdepim - 4:4.7.4+git111222-0ubuntu0.3
---
kdepim (4:4.7.4+git111222-0ubuntu0.3) oneiric-security; urgency=high
* SECURITY UPDATE: Disable JavaScript, Java, and Plugins by default in
kmail/kontact messageviewer's quote colorer (LP: #1022690)
This bug was fixed in the package kdepim - 4:4.8.4a-0ubuntu0.3
---
kdepim (4:4.8.4a-0ubuntu0.3) precise-security; urgency=high
* SECURITY UPDATE: Disable JavaScript, Java, and Plugins by default in
kmail/kontact messageviewer's quote colorer (LP: #1022690)
- Upstream Git dbb
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3413
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdepim in Ubuntu.
https://bugs.launchpad.net/bugs/1022690
Title:
kmail/kontact message viewer incorrectly defaults t
Resetting bug statuses to triaged, since the -security uploads haven't
happened yet, only the -proposed ones. Quel fun.
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdepim in Ubuntu.
https://bugs.launchpad.net/bugs/1022690
Title:
kmail
Hello Scott, or anyone else affected,
Accepted kdepim into precise-proposed. The package will build now and be
available at http://launchpad.net/ubuntu/+source/kdepim/4:4.8.4a-
0ubuntu0.2 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https:
** Changed in: kdepim (Ubuntu Oneiric)
Status: Confirmed => Triaged
** Changed in: kdepim (Ubuntu Precise)
Status: Confirmed => Triaged
** Changed in: kdepim (Ubuntu Oneiric)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
** Changed in: kdepim (Ubuntu Precise
I got more information on this today:
On Thursday, July 12, 2012 02:51:28 PM David Faure <...@kde.org> wrote:
> On Saturday 07 July 2012 11:36:10 Scott Kitterman wrote:
> > Would it be possible to get a sentence or two on what the vulnerability
> > was
> > that this fixed (the commit message isn't
Setting to Confirmed/unassigning myself per
https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue. I think these are
ready for upload.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1022690
Title:
kmai
Debdiff for precise. I have run this patch locally and I don't see any
problems. Since it's not clear exactly what this is supposed to protect
from, I can't verify if it does.
** Patch added: "Precise Debdiff"
https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690/+attachment/3217910
debdiff for oneiric. Untested, but patch is trivial and the code is
identical to the upstream commit for 4.8/4.9.
** Patch added: "Oneiric Debdiff"
https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690/+attachment/3217909/+files/oneiric.debdiff
--
You received this bug notification
This bug was fixed in the package kdepim - 4:4.8.90-0ubuntu2
---
kdepim (4:4.8.90-0ubuntu2) quantal; urgency=low
* Fix for upstream security issue, will be in the RC (LP: #1022690)
-- Scott KittermanMon, 09 Jul 2012 15:31:47 -0400
** Branch linked: lp:~kubuntu-packagers/kubunt
** Also affects: kdepim (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: kdepim (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: kdepim (Ubuntu Quantal)
Importance: Undecided
Status: New
** Changed in: kdepim (Ubuntu Quantal)
12 matches
Mail list logo