[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-release-team
Subject:    Re: Kopete: CVE 2017-5593 (User Impersonation Vulnerability)
From:       Pali =?utf-8?B?Um9ow6Fy?= <pali.rohar () gmail ! com>
Date:       2017-02-17 12:32:04
Message-ID: 20170217123204.GA31532 () pali
[Download RAW message or body]

On Tuesday 14 February 2017 10:34:56 Pali Rohár wrote:
> On Tuesday 14 February 2017 10:19:17 Luca Beltrame wrote:
> > Il giorno Tue, 14 Feb 2017 09:21:12 +0100
> > Pali Rohár <pali.rohar@gmail.com> ha scritto:
> > 
> > > 1) Upstream libiris does not support building dynamic shared library
> > 
> > Then they should be pestered until they do, it would at least reduce
> > the impact of issues like this one. 
> 
> Ok, I will open ticket for it in upstream bug tracker.

Ticket is there: https://github.com/psi-im/iris/issues/49
You can watch it or if you have some ideas also comment it.

> > > 2) Upstream libiris does not have stable API/ABI
> > 
> > Do you know if they at least bump soversions?
> 
> Soversion? See 1) There are no shared .so dynamic libraries, so nothing
> like soversion even exists.

-- 
Pali Rohár
pali.rohar@gmail.com
[prev in list] [next in list] [prev in thread] [next in thread]