Kopete: CVE 2017-5593 (User Impersonation Vulnerability)

Pali Rohár pali.rohar at gmail.com
Sat Feb 11 12:59:01 UTC 2017


I need to inform you that the Jabber protocol in Kopete is vulnerable to 
CVE-2017-5593 (User Impersonation Vulnerability) due to a defect in the 
underlying Psi XMPP library libiris -- which is part of the Kopete source 
tree. Note that Kopete is vulnerable even if it does not support XEP-0280: 
Message Carbons yet (because the defect is in libiris).

All Kopete versions which are part of KDE 16.11.80 (and newer) are 

The backported fix for libiris is now in the Application/16.12 branch in commit 

And so the fix will be part of KDE 16.12.3 (Kopete 1.11.3).

More information at:

Pali Rohár
pali.rohar at gmail.com