[Pkg-kde-extras] Bug#881586: Konversation CVE-2017-15923
Salvatore Bonaccorso
carnil at debian.org
Mon Nov 13 16:11:46 UTC 2017
Hi

On Mon, Nov 13, 2017 at 10:17:37AM +0100, Yves-Alexis Perez wrote:
> Package: konversation
> Tag: security
>
> On Sun, 2017-11-12 at 17:01 -0500, Joseph Bisch wrote:
> > Hi,
> >
> > See the November 11th security advisory for Konversation at:
> >
> > https://konversation.kde.org/
> >
> > Reproducer:
> >
> > echo $'privmsg \x16\x033\x8e3\x2eqt/\x03e\xe2\x16\n' | nc -l -p 6667
> >
> > and then connect to that with Konversation.
> >
> > May require ASan or other method of detecting the use after free.
>
> Thanks for the report, I'm adding Pino in the loop but since it's a public
> vulnerability you can directly report it to the BTS.
>
> Pino, can you prepare an update for sid, stretch and jessie (with isolated
> patches for stable releases)?

I have prepared both jessie- and stretch-security uploads, though at
the moment only stretch-security has been tested. Will come to the
jessie one later today.

Regards,
Salvatore