[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-release-team
Subject:    Re: KDE Project Security Advisory: KMail: HTML injection in plain text viewer
From:       Antonio Rojas <arojas () archlinux ! org>
Date:       2016-10-10 9:56:36
Message-ID: ntfokk$s53$1 () blaine ! gmane ! org
[Download RAW message or body]

El Thu, 06 Oct 2016 23:44:58 +0100, Jonathan Riddell escribió:

> These patches don't apply to the released versions, I've taken a diff
> from the branches
> 
> https://packaging.neon.kde.org/applications/messagelib.git/tree/debian/
patches/kde_01_CVE-2016-7968-CVE-2016-7966.diff?h=Neon/release
> https://packaging.neon.kde.org/frameworks/kcoreaddons.git/tree/debian/
patches/kde_01_CVE-2016-7966.diff?h=Neon/release
> 
> Jonathan

Thanks for these. Just a warning that the messagelib patch breaks BIC, so 
at least mailcommon, kdepim and kdepim-addons need to be rebuilt against 
the patched messagelib.

[prev in list] [next in list] [prev in thread] [next in thread]