Bug#755814: kde4libs: CVE-2014-5033
On Thu, Jul 31, 2014 at 09:07:22PM +0200, Felix Geyer wrote:
> Hi Moritz,
>
> On Wed, 23 Jul 2014 16:05:25 +0200 Moritz Muehlenhoff <jmm@inutil.org> wrote:
> > Package: kde4libs
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > Hi,
> > please see https://bugzilla.novell.com/show_bug.cgi?id=864716 for the original
> > bug report. The upstream fix is available here:
> > http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
> >
> > We should also fix this in Wheezy.
>
> Attached is a debdiff that adds the upstream patch to kde4libs/wheezy.
> I've tested that kauth still works (e.g. changing the display manager setting in system settings).
> Please let me know if I can go ahead and upload it to the security archive.
Please build with "-sa" (since this is the first wheezy security update for
kde4libs) and upload to security-master.
I'm mostly offline until next week; if no one gets to it earlier, I'll
deal with it in a week.
Thanks,
Moritz