[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#755814: kde4libs: CVE-2014-5033



On Thu, Jul 31, 2014 at 09:07:22PM +0200, Felix Geyer wrote:
> Hi Moritz,
> 
> On Wed, 23 Jul 2014 16:05:25 +0200 Moritz Muehlenhoff <jmm@inutil.org> wrote:
> > Package: kde4libs
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> > 
> > Hi,
> > please see https://bugzilla.novell.com/show_bug.cgi?id=864716 for the original
> > bug report. The upstream fix is available here:
> > http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
> > 
> > We should also fix this in Wheezy.
> 
> Attached is a debdiff that adds the upstream patch to kde4libs/wheezy.
> I've tested that kauth still works (e.g. changing the display manager setting in system settings).
> Please let me know if I can go ahead and upload it to the security archive.

Please build with "-sa" (since this is the first wheezy security update for
kde4libs) and upload to security-master.

I'm mostly offline until next week, if noone gets to it earlier, I'll
deal with it in a week.

Thanks,
        Moritz


Reply to: