[Bug 1630700] Re: CVE - KMail - HTML injection in plain text viewer
Clive Johnston
1630700 at bugs.launchpad.net
Tue Oct 11 17:04:45 UTC 2016
Xenial is proving to be harder to patch due to it being Frameworks 5.18.
https://launchpad.net/ubuntu/+source/kcoreaddons/5.18.0-0ubuntu1
5.18.0 was tagged on Sat, 09 Jan 2016 09:49:38 +0000 (09:49 +0000) so
according to this log:
https://quickgit.kde.org/?p=kcoreaddons.git&a=history&h=5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a&f=src%2Flib%2Ftext%2Fktexttohtml.cpp
We have 5 patches to apply, but I'm not experienced enough with coding
to determine what is needed to fix the CVE and what is just new features
or bug fixes. There is talk in the KDE community that patches might be
available for up to a year after release, but still waiting on
confirmation.
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kcoreaddons in Ubuntu.
https://bugs.launchpad.net/bugs/1630700
Title:
CVE - KMail - HTML injection in plain text viewer