Kopete: CVE 2017-5593 (User Impersonation Vulnerability)

Pali Rohár pali.rohar at gmail.com
Tue Feb 14 09:34:56 UTC 2017


On Tuesday 14 February 2017 10:19:17 Luca Beltrame wrote:
> Il giorno Tue, 14 Feb 2017 09:21:12 +0100
> Pali Rohár <pali.rohar at gmail.com> ha scritto:
> 
> > 1) Upstream libiris does not support building dynamic shared library
> 
> Then they should be pestered until they do, it would at least reduce
> the impact of issues like this one. 

Ok, I will open ticket for it in upstream bug tracker.

> > 2) Upstream libiris does not have stable API/ABI
> 
> Do you know if they at least bump soversions?

Soversion? See 1) There are no shared .so dynamic libraries, so nothing
like soversion even exists.

-- 
Pali Rohár
pali.rohar at gmail.com


More information about the release-team mailing list