Kopete: CVE 2017-5593 (User Impersonation Vulnerability)

Frederik Schwarzer schwarzer at kde.org
Tue Feb 14 09:53:03 UTC 2017


Hi,

Psi looks pretty dead. No release in almost five years. ... But one 
contributor is still quite active in both Iris and Psi. 
https://github.com/psi-im/iris/commits/master Maybe he can be convinced 
to push for a release of both?

KSirK used to have a copy of some of the Jabber code from Kopete. Could 
someone check if it's also affected? I only have internet at work and 
private use is not without limits, so ...

Cheers,
Frederik


Am 14.02.2017 10:34 schrieb Pali Rohár:
> On Tuesday 14 February 2017 10:19:17 Luca Beltrame wrote:
>> Il giorno Tue, 14 Feb 2017 09:21:12 +0100
>> Pali Rohár <pali.rohar at gmail.com> ha scritto:
>> 
>> > 1) Upstream libiris does not support building dynamic shared library
>> 
>> Then they should be pestered until they do, it would at least reduce
>> the impact of issues like this one.
> 
> Ok, I will open ticket for it in upstream bug tracker.
> 
>> > 2) Upstream libiris does not have stable API/ABI
>> 
>> Do you know if they at least bump soversions?
> 
> Soversion? See 1) There are no shared .so dynamic libraries, so nothing
> like soversion even exists.


More information about the release-team mailing list