KDE Project Security Advisory: KMail: HTML injection in plain text viewer
Antonio Rojas
arojas at archlinux.org
Mon Oct 10 09:56:36 UTC 2016
On Thu, 06 Oct 2016 23:44:58 +0100, Jonathan Riddell wrote:
> These patches don't apply to the released versions, I've taken a diff
> from the branches
>
> https://packaging.neon.kde.org/applications/messagelib.git/tree/debian/patches/kde_01_CVE-2016-7968-CVE-2016-7966.diff?h=Neon/release
> https://packaging.neon.kde.org/frameworks/kcoreaddons.git/tree/debian/patches/kde_01_CVE-2016-7966.diff?h=Neon/release
>
> Jonathan
Thanks for these. Just a warning that the messagelib patch breaks BIC, so
at least mailcommon, kdepim and kdepim-addons need to be rebuilt against
the patched messagelib.