[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#899128: kdepim: Limit CVE-2017-17689 (EFAIL) even more for kmail

Control: reassign -1 src:kdepim

Hi Ivo,

On Mon, Apr 08, 2019 at 11:36:10AM +0200, Ivo De Decker wrote:
> Hi,
> 
> On Sat, May 19, 2018 at 07:18:06PM +0200, Sandro Knauß wrote:
> > I now created a debdiff for kdepim. The patch depdends on the new symbol that 
> > was added in new messageviewer (see #899127).
> 
> Does this bug still affect buster/sid? From the bug log and the tracker for
> CVE-2017-17689, it look like kmail in buster/sid is not affected, but it would
> be good if someone could confirm that.

I think the tracking problem was hiere that #899128 is associated with
src:meta-kde, but it should be src:kdepim (#899128) and respectively
kf5-messagelib was #899127. The issue was fixed in the kf5-messagelib
in version 4:18.08.1-1. In stretch src:kdepim was a source package,
whilst in buster kdepim is a binary package produced by kde-meta, but
the issue lies there in src:kf5-messagelib.

Regards,
Salvatore
Reply to: