Bug#864804: CVE-2017-9604: Send Later with Delay bypasses OpenPGP

To: Sandro Knauß <hefee@debian.org>
Cc: team@security.debian.org, 864804@bugs.debian.org
Subject: Bug#864804: CVE-2017-9604: Send Later with Delay bypasses OpenPGP
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 4 Jul 2017 23:14:54 +0200
Message-id: <[🔎] 20170704211454.5hlbs4nmv4d7rzir@pisco.westfalen.local>
Reply-to: Moritz Muehlenhoff <jmm@debian.org>, 864804@bugs.debian.org
In-reply-to: <9046554.SNbWEWLXf3@tuxin>
References: <149750521053.30877.8811369600356414282.reportbug@eldamar.local> <9046554.SNbWEWLXf3@tuxin>

On Sat, Jun 17, 2017 at 11:00:26AM +0200, Sandro Knauß wrote:
> Hey,
> 
> I backported the patch for jessie. I attached a debdiff and waiting for your 
> response to upload.

Hi Sandro,
sorry for the late reply, I was on afk myself.

This is fairly obscure feature with IMO little practical impact and this
doesn't warrant a DSA on it's own. This can either be fixed via a point
update [1] or we can fix this along when there's a more severe kdepim
vulnerarability in the future.

Cheers,
        Moritz

[1] https://www.debian.org/doc/manuals/developers-reference/ch05.html#upload-stable

Reply to:

Prev by Date: qtxmlpatterns-opensource-src_5.9.1-1_source.changes ACCEPTED into experimental
Next by Date: Processed: Re: kde-style-breeze: [fixed upstream] dark themes lowlight active tab instead of highlighting
Previous by thread: qtxmlpatterns-opensource-src_5.9.1-1_source.changes ACCEPTED into experimental
Next by thread: qbs 1.8.1 released
Index(es):
- Date
- Thread