Kopete: CVE 2017-5593 (User Impersonation Vulnerability)
Frederik Schwarzer
schwarzer at kde.org
Tue Feb 14 09:53:03 UTC 2017
Hi,
Psi looks pretty dead. No release in almost five years. ... But one
contributor is still quite active in both Iris and Psi.
https://github.com/psi-im/iris/commits/master Maybe he can be convinced
to push for a release of both?
KSirK used to have a copy of some of the Jabber code from Kopete. Could
someone check if it's also affected? I only have internet at work and
private use is not without limits, so ...
Cheers,
Frederik
Am 14.02.2017 10:34 schrieb Pali Rohár:
> On Tuesday 14 February 2017 10:19:17 Luca Beltrame wrote:
>> Il giorno Tue, 14 Feb 2017 09:21:12 +0100
>> Pali Rohár <pali.rohar at gmail.com> ha scritto:
>>
>> > 1) Upstream libiris does not support building dynamic shared library
>>
>> Then they should be pestered until they do, it would at least reduce
>> the impact of issues like this one.
>
> Ok, I will open ticket for it in upstream bug tracker.
>
>> > 2) Upstream libiris does not have stable API/ABI
>>
>> Do you know if they at least bump soversions?
>
> Soversion? See 1) There are no shared .so dynamic libraries, so nothing
> like soversion even exists.
More information about the release-team
mailing list