Xenial is proving to be harder to patch due to it being Frameworks 5.18. https://launchpad.net/ubuntu/+source/kcoreaddons/5.18.0-0ubuntu1
5.18.0 was tagged on Sat, 09 Jan 2016 09:49:38 +0000 (09:49 +0000) so according to this log: https://quickgit.kde.org/?p=kcoreaddons.git&a=history&h=5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a&f=src%2Flib%2Ftext%2Fktexttohtml.cpp We have 5 patches to apply, but I'm not experienced enough with coding to determine what is needed to fix the CVE and what is just new features or bug fixes. There is talk in the KDE community that patches might be available for up to a year after release, but still waiting on confirmation. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1630700 Title: CVE - KMail - HTML injection in plain text viewer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kcoreaddons/+bug/1630700/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
