Bug#710497: kdeplasma-addons: CVE-2013-2120

To: Moritz Muehlenhoff <jmm@inutil.org>, 710497@bugs.debian.org
Subject: Bug#710497: kdeplasma-addons: CVE-2013-2120
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 26 Jun 2013 07:51:09 +0200
Message-id: <[🔎] 20130626055109.GA2033@elende.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 710497@bugs.debian.org
In-reply-to: <20130531113950.26161.59012.reportbug@m25s06.vlinux.de>
References: <20130531113950.26161.59012.reportbug@m25s06.vlinux.de>

Hi Qt/KDE maintainers,

On Fri, May 31, 2013 at 01:39:50PM +0200, Moritz Muehlenhoff wrote:
> Package: kdeplasma-addons
> Severity: important
> Tags: security
> 
> Please see http://seclists.org/oss-sec/2013/q2/429
> 
> Once an upstream fix is available, we can fix this in
> a point update.

Short note on this: Upstream proposed fix, which was pushed to Ubuntu
and Fedora already, is incomplete/still weak, see [1], so please do
not add this patch alone. Some discussion is happening on [2] and
[3].

 [1] http://marc.info/?l=oss-security&m=137222323420860&w=2
 [2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2120
 [3] https://bugs.launchpad.net/ubuntu/%2Bsource/kdeplasma-addons/%2Bbug/1179380

Regards,
Salvatore

Reply to:

Prev by Date: qtbase-opensource-src_5.0.2+dfsg1-7_amd64.changes ACCEPTED into experimental
Next by Date: Bug#701303: marked as done (kstars: ftbfs with eglibc-2.17)
Previous by thread: qtbase-opensource-src_5.0.2+dfsg1-7_amd64.changes ACCEPTED into experimental
Next by thread: Bug#701303: marked as done (kstars: ftbfs with eglibc-2.17)
Index(es):
- Date
- Thread