Kopete: CVE 2017-5593 (User Impersonation Vulnerability)
Albert Astals Cid
aacid at kde.org
Tue Feb 14 19:44:50 UTC 2017
El dimarts, 14 de febrer de 2017, a les 10:53:03 CET, Frederik Schwarzer va
escriure:
> Hi,
>
> Psi looks pretty dead. No release in almost five years. ... But one
> contributor is still quite active in both Iris and Psi.
> https://github.com/psi-im/iris/commits/master Maybe he can be convinced
> to push for a release of both?
>
> KSirK used to have a copy of some of the Jabber code from Kopete. Could
> someone check if it's also affected? I only have internet at work and
> private use is not without limits, so ...
I had a quick look yesterday and it seems the code is old enough so that it
doesn't include that, a second look wouldn't hurt of course.
Cheers,
Albert
>
> Cheers,
> Frederik
>
> Am 14.02.2017 10:34 schrieb Pali Rohár:
> > On Tuesday 14 February 2017 10:19:17 Luca Beltrame wrote:
> >> Il giorno Tue, 14 Feb 2017 09:21:12 +0100
> >>
> >> Pali Rohár <pali.rohar at gmail.com> ha scritto:
> >> > 1) Upstream libiris does not support building dynamic shared library
> >>
> >> Then they should be pestered until they do, it would at least reduce
> >> the impact of issues like this one.
> >
> > Ok, I will open ticket for it in upstream bug tracker.
> >
> >> > 2) Upstream libiris does not have stable API/ABI
> >>
> >> Do you know if they at least bump soversions?
> >
> > Soversion? See 1) There are no shared .so dynamic libraries, so nothing
> > like soversion even exists.
More information about the release-team
mailing list