Bug#755814: kde4libs: CVE-2014-5033

To: Felix Geyer <fgeyer@debian.org>
Cc: 755814@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Bug#755814: kde4libs: CVE-2014-5033
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 6 Aug 2014 22:00:15 +0200
Message-id: <[🔎] 20140806200015.GA12961@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 755814@bugs.debian.org
In-reply-to: <53DA93EA.7040906@debian.org>
References: <20140723140525.28055.6406.reportbug@m25s06.vlinux.de> <20140723140525.28055.6406.reportbug@m25s06.vlinux.de> <53DA93EA.7040906@debian.org>

On Thu, Jul 31, 2014 at 09:07:22PM +0200, Felix Geyer wrote:
> Hi Moritz,
> 
> On Wed, 23 Jul 2014 16:05:25 +0200 Moritz Muehlenhoff <jmm@inutil.org> wrote:
> > Package: kde4libs
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> > 
> > Hi,
> > please see https://bugzilla.novell.com/show_bug.cgi?id=864716 for the original
> > bug report. The upstream fix is available here:
> > http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
> > 
> > We should also fix this in Wheezy.
> 
> Attached is a debdiff that adds the upstream patch to kde4libs/wheezy.
> I've tested that kauth still works (e.g. changing the display manager setting in system settings).
> Please let me know if I can go ahead and upload it to the security archive.

Please build with "-sa" (since this is the first wheezy security update for
kde4libs) and upload to security-master.

I'm mostly offline until next week, if noone gets to it earlier, I'll
deal with it in a week.

Thanks,
        Moritz

Reply to:

Prev by Date: Bug#757271: Might need linking against qtDBus
Next by Date: Bug#757271: Might need linking against qtDBus
Previous by thread: Bug#757271: Might need linking against qtDBus
Next by thread: qtconnectivity-opensource-src_5.3.1-2_i386.changes ACCEPTED into unstable
Index(es):
- Date
- Thread