[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-release-team
Subject:    Re: Kopete: CVE 2017-5593 (User Impersonation Vulnerability)
From:       Frederik Schwarzer <schwarzer () kde ! org>
Date:       2017-02-14 9:53:03
Message-ID: 4ab4151f6b631ede9b0df3ec81b22713 () posteo ! de
[Download RAW message or body]

Hi,

Psi looks pretty dead. No release in almost five years. ... But one 
contributor is still quite active in both Iris and Psi. 
https://github.com/psi-im/iris/commits/master Maybe he can be convinced 
to push for a release of both?

KSirK used to have a copy of some of the Jabber code from Kopete. Could 
someone check if it's also affected? I only have internet at work and 
private use is not without limits, so ...

Cheers,
Frederik


Am 14.02.2017 10:34 schrieb Pali Rohár:
> On Tuesday 14 February 2017 10:19:17 Luca Beltrame wrote:
>> Il giorno Tue, 14 Feb 2017 09:21:12 +0100
>> Pali Rohár <pali.rohar@gmail.com> ha scritto:
>> 
>> > 1) Upstream libiris does not support building dynamic shared library
>> 
>> Then they should be pestered until they do, it would at least reduce
>> the impact of issues like this one.
> 
> Ok, I will open ticket for it in upstream bug tracker.
> 
>> > 2) Upstream libiris does not have stable API/ABI
>> 
>> Do you know if they at least bump soversions?
> 
> Soversion? See 1) There are no shared .so dynamic libraries, so nothing
> like soversion even exists.
[prev in list] [next in list] [prev in thread] [next in thread]