KDE Project Security Advisory: KMail: HTML injection in plain text viewer

Antonio Rojas arojas at archlinux.org
Mon Oct 10 09:56:36 UTC 2016


On Thu, 06 Oct 2016 23:44:58 +0100, Jonathan Riddell wrote:

> These patches don't apply to the released versions, I've taken a diff
> from the branches
> 
> https://packaging.neon.kde.org/applications/messagelib.git/tree/debian/patches/kde_01_CVE-2016-7968-CVE-2016-7966.diff?h=Neon/release
> https://packaging.neon.kde.org/frameworks/kcoreaddons.git/tree/debian/patches/kde_01_CVE-2016-7966.diff?h=Neon/release
> 
> Jonathan

Thanks for these. Just a warning that the messagelib patch breaks BIC, so 
at least mailcommon, kdepim and kdepim-addons need to be rebuilt against 
the patched messagelib.


