kmail CVEs and patches
Sandro Knauß
bugs at sandroknauss.de
Fri Oct 7 21:14:00 UTC 2016
Hey,
> I tried to backport the CVE-2016-7966 fix commit to kf 5.26 and it didn't
> apply cleanly, it would be nice if the advisory includes the list of the
> commits to backport, or maybe a new 5.26.1 kcoreaddons bugfix release.
Yes another patch is missing there - I already informed them and hopefully
they will update the infos. I also asked if they will ship a updated 5.26
version.
> About: https://www.kde.org/info/security/advisory-20161006-3.txt
>
> Via irc you mentioned that non qtwebengine versions are affected by this as
> well, that contradict the versions listed in the advisory message. As you
> know, we are currently using qt 5.6 and messagelib from 16.04, which set of
> patches should we include?
No I misread the CVE. There is nothing to do here.
Regards,
sandro
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-kde-talk/attachments/20161007/ef668d59/attachment.sig>
More information about the pkg-kde-talk
mailing list