[Bug 1630700] Re: CVE - KMail - HTML injection in plain text viewer
Launchpad Bug Tracker
1630700 at bugs.launchpad.net
Sun Oct 9 10:24:24 UTC 2016
This bug was fixed in the package kcoreaddons - 5.26.0-0ubuntu2
---------------
kcoreaddons (5.26.0-0ubuntu2) yakkety; urgency=medium
* SECURITY UPDATE: KMail - HTML injection in plain text viewer
(LP: #1630700)
- debian/patches/0001-Fix-very-old-bug-when-we-remove-space-in-
url-as-foo-.patch: Code added by upstream to fix another bug,
but needs to be applied in advance of patch 0002
- debian/patches/0002-Don-t-convert-as-url-an-url-which-has-a.patch:
Fixes CVE-2016-7966
Patches cherrypicked from Debian:
https://anonscm.debian.org/git/pkg-kde/frameworks/kcoreaddons.git
Commit: ab7258dd8a87668ba63c585a69f41f291254aa43
Many thanks to Sandro Knauß for these patches
-- Clive Johnston <clivejo at kubuntu.org> Fri, 07 Oct 2016 23:57:19
+0100
** Changed in: kcoreaddons (Ubuntu Yakkety)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kcoreaddons in Ubuntu.
https://bugs.launchpad.net/bugs/1630700
Title:
CVE - KMail - HTML injection in plain text viewer
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kcoreaddons/+bug/1630700/+subscriptions
More information about the kubuntu-bugs
mailing list