Bug#853241: marked as done (kf5-messagelib: CVE-2016-7967 CVE-2016-7968)

To: Thorsten Alteholz <debian@alteholz.de>
Subject: Bug#853241: marked as done (kf5-messagelib: CVE-2016-7967 CVE-2016-7968)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 31 Jan 2017 21:33:06 +0000
Message-id: <[🔎] handler.853241.D853241.14858982115338.ackdone@bugs.debian.org>
References: <[🔎] alpine.DEB.2.02.1701312220230.22515@jupiter.server.alteholz.net> <[🔎] alpine.DEB.2.02.1701301953540.4155@jupiter.server.alteholz.net>

Your message dated Tue, 31 Jan 2017 22:25:58 +0100 (CET)
with message-id <[🔎] alpine.DEB.2.02.1701312220230.22515@jupiter.server.alteholz.net>
and subject line Re: Bug#853241: kf5-messagelib: CVE-2016-7967 CVE-2016-7968
has caused the Debian Bug report #853241,
regarding kf5-messagelib: CVE-2016-7967 CVE-2016-7968
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
853241: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853241
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: kf5-messagelib: CVE-2016-7967 CVE-2016-7968
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 30 Jan 2017 19:55:16 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1701301953540.4155@jupiter.server.alteholz.net>

Package: kf5-messagelib
Severity: important
Tags: security

Hi,

the following vulnerabilities were published for kf5-messagelib.

CVE-2016-7967[0]:
| KMail since version 5.3.0 used a QWebEngine based viewer that had
| JavaScript enabled. Since the generated html is executed in the local
| file security context by default access to remote and local URLs was
| enabled.

CVE-2016-7968[1]:
| KMail since version 5.3.0 used a QWebEngine based viewer that had
| JavaScript enabled. HTML Mail contents were not sanitized for
| JavaScript and included code was executed.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7967
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7967
[1] https://security-tracker.debian.org/tracker/CVE-2016-7968
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7968
Please adjust the affected versions in the BTS as needed.

   Thorsten

--- End Message ---

--- Begin Message ---

To: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

Cc: debian-qt-kde@lists.debian.org, 853241-done@bugs.debian.org

Subject: Re: Bug#853241: kf5-messagelib: CVE-2016-7967 CVE-2016-7968

From: Thorsten Alteholz <debian@alteholz.de>

Date: Tue, 31 Jan 2017 22:25:58 +0100 (CET)

Message-id: <[🔎] alpine.DEB.2.02.1701312220230.22515@jupiter.server.alteholz.net>

In-reply-to: <[🔎] 2240352.RVTt9diRgf@tonks>

References: <[🔎] alpine.DEB.2.02.1701301953540.4155@jupiter.server.alteholz.net> <[🔎] 2240352.RVTt9diRgf@tonks>
Version: 4:16.04.3-2

Hi everybody,
thanks a lot for all the information, which are on their way to thesecurity tracker now. So this bug can be closed again.
  Thorstzen
--- End Message ---

Reply to:

References:
- Re: Bug#853241: kf5-messagelib: CVE-2016-7967 CVE-2016-7968
  - From: Thorsten Alteholz <debian@alteholz.de>
- Bug#853241: kf5-messagelib: CVE-2016-7967 CVE-2016-7968
  - From: Thorsten Alteholz <debian@alteholz.de>

Prev by Date: Re: Bug#853241: kf5-messagelib: CVE-2016-7967 CVE-2016-7968
Next by Date: Processing of kreport_3.0.0-1_amd64.changes
Previous by thread: Re: Bug#853241: kf5-messagelib: CVE-2016-7967 CVE-2016-7968
Next by thread: Processed: found 853241 in 4:16.04.3-2
Index(es):
- Date
- Thread