
Bug#842498: marked as done (kde-runtime: Command displayed by kdesu truncated by unicode string terminator (CVE-2016-7787))



Your message dated Tue, 21 Mar 2017 11:33:55 +0000
with message-id <E1cqI31-0008GH-1e@fasolo.debian.org>
and subject line Bug#842498: fixed in kde-runtime 4:16.08.3-2
has caused the Debian Bug report #842498,
regarding kde-runtime: Command displayed by kdesu truncated by unicode string terminator (CVE-2016-7787)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
842498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842498
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: kde-cli-tools
Version: 4:5.7.4-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for kde-cli-tools.

CVE-2016-7787[0]:
kdesu: Displayed command truncated by unicode string terminator

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7787
[1] https://www.kde.org/info/security/advisory-20160930-1.txt

Please adjust the affected versions in the BTS as needed. I'm not sure
if kde-runtime is as well affected (it looks source wise, since the
same file can be patched).

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: kde-runtime
Source-Version: 4:16.08.3-2

We believe that the bug you reported is fixed in the latest version of
kde-runtime, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 842498@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maximiliano Curia <maxy@gnuservers.com.ar> (supplier of updated kde-runtime package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 21 Mar 2017 11:25:21 +0100
Source: kde-runtime
Binary: kde-runtime kdebase-runtime kde-runtime-data plasma-scriptengine-javascript
Architecture: source
Version: 4:16.08.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Maximiliano Curia <maxy@gnuservers.com.ar>
Description:
 kde-runtime - runtime components from the official KDE release
 kde-runtime-data - shared data files for the KDE base runtime module
 kdebase-runtime - Transitional package for the KDE runtime components
 plasma-scriptengine-javascript - JavaScript script engine for Plasma
Closes: 842498
Changes:
 kde-runtime (4:16.08.3-2) unstable; urgency=medium
 .
   * Add new patch: Make-sure-people-are-not-trying-to-sneak-invisible-charac.patch.
     Thanks to Moritz Mühlenhoff for the follow ups to the kde-cli-tools' bug
     (Closes: 842498) See: CVE-2016-7787


--- End Message ---
