This bug was fixed in the package kcoreaddons - 5.26.0-0ubuntu2
---------------
kcoreaddons (5.26.0-0ubuntu2) yakkety; urgency=medium
* SECURITY UPDATE: KMail - HTML injection in plain text viewer
(LP: #1630700)
- debian/patches/0001-Fix-very-old-bug-when-we-remove-space-in-
url-as-foo-.patch: Code added by upstream to fix another bug,
but needs to be applied in advance of patch 0002
- debian/patches/0002-Don-t-convert-as-url-an-url-which-has-a.patch:
Fixes CVE-2016-7966
Patches cherrypicked from Debian:
https://anonscm.debian.org/git/pkg-kde/frameworks/kcoreaddons.git
Commit: ab7258dd8a87668ba63c585a69f41f291254aa43
Many thanks to Sandro Knauß for these patches
-- Clive Johnston <[email protected]> Fri, 07 Oct 2016 23:57:19
+0100
** Changed in: kcoreaddons (Ubuntu Yakkety)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1630700
Title:
CVE - KMail - HTML injection in plain text viewer
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kcoreaddons/+bug/1630700/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
