Re: Bug#853241: kf5-messagelib: CVE-2016-7967 CVE-2016-7968
On Tue, Jan 31, 2017 at 12:22:34PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> On lunes, 30 de enero de 2017 20:15:38 ART Salvatore Bonaccorso wrote:
> > Hi
> >
> > It might be noted that the issues itself are mitigated with the fixes
> > applied for CVE-2016-7966, and a user protected from this CVE by only
> > viewing plain text mails. But the issues still presend. At least for
> > CVE-2016-7968 a full fix would need to be building with Qt 5.7.0
> > AFAICT (please correct me if I'm wrong).
>
> Salvatore: what would be the status considering we are still not using
> qtwebengine?
>
> Please note I normally do not touch KDE packaging, I just happen to know
> qtwebengine is not releated to this :)
I'll mark both bugs as not-affected in the security tracker and I suggest
you simply close this bug, then.
Cheers,
Moritz
Reply to: