Bug#1006126: libkf5newstuffcore5: Denial of Service bug

To: Patrick Franz <deltaone@debian.org>, 1006126@bugs.debian.org, Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1006126: libkf5newstuffcore5: Denial of Service bug
From: Aurélien COUDERC <libre@coucouf.fr>
Date: Sat, 19 Feb 2022 17:17:28 +0100
Message-id: <[🔎] 9BE74C98-9F40-43CB-8234-B0142CE0F20C@coucouf.fr>
Reply-to: Aurélien COUDERC <libre@coucouf.fr>, 1006126@bugs.debian.org
In-reply-to: <[🔎] 164528163885.59138.2641387921761087533.reportbug@delta-one>
References: <[🔎] 164528163885.59138.2641387921761087533.reportbug@delta-one> <[🔎] 164528163885.59138.2641387921761087533.reportbug@delta-one>

Dear Patrick

Le 19 février 2022 15:40:38 GMT+01:00, Patrick Franz <deltaone@debian.org> a écrit :
>Package: libkf5newstuffcore5
>Version: 5.90.0-1
>Severity: important
>X-Debbugs-Cc: deltaone@debian.org
>
>Hi all, 
>
>knewstuff has a Denial of Service bug that sends huge amounts of requests
>to KDE servers.
>
>See the discussion of the KDE mailing-lists:
>https://mail.kde.org/pipermail/distributions/2022-February/001124.html
>

This is already fixed in 5.90.0-1, I've backported the fixes in this commit :
https://salsa.debian.org/qt-kde-team/kde/knewstuff/-/commit/2deac99db9d1c20a3a55750baa38adcd21895584

I've started an article in the team's Gobby to follow-up on this.

Someone™ needs to work on the stable update. ;-)


Cheers,
--
Aurélien

Reply to:

References:
- Bug#1006126: libkf5newstuffcore5: Denial of Service bug
  - From: Patrick Franz <deltaone@debian.org>

Prev by Date: kquickimageeditor_0.2.0-1_amd64.changes is NEW
Next by Date: Processed: your mail
Previous by thread: Bug#1006126: libkf5newstuffcore5: Denial of Service bug
Next by thread: Processed: Bug#1006126 marked as pending in knewstuff
Index(es):
- Date
- Thread