Bug#1006292: bullseye-pu: package plasma-discover/5.20.5-3
- To: Patrick Franz <deltaone@debian.org>, 1006292@bugs.debian.org
- Subject: Bug#1006292: bullseye-pu: package plasma-discover/5.20.5-3
- From: Julien Cristau <jcristau@debian.org>
- Date: Fri, 18 Mar 2022 16:17:27 +0100
- Message-id: <YjSih5g2VkbbN/+N@jcristau-z4>
- Reply-to: Julien Cristau <jcristau@debian.org>, 1006292@bugs.debian.org
- In-reply-to: <164556588566.859167.12258926328750978870.reportbug@delta-one>
- References: <164556588566.859167.12258926328750978870.reportbug@delta-one> <164556588566.859167.12258926328750978870.reportbug@delta-one>
Control: tag -1 confirmed
On Tue, Feb 22, 2022 at 10:38:05PM +0100, Patrick Franz wrote:
> [ Reason ]
> A bug in plasma-discover causes a Denial of Service attack
> against the KDE servers. 3 packages needs to be patch to
> mitigate the attack: knewstuff, plasma-desktop and
> plasma-discover.
> This update fixes bug #1006124 for bullseye and has been
> fixed in unstable.
>
> [ Impact ]
> Running the old version causes considerable load for the KDE
> servers.
>
> [ Tests ]
> No manual tests have been performed.
>
> [ Risks ]
> The risks are rather low as the update is a single patch.
> The patch has been created by KDE upstream specifically for the
> version in bullseye.
>
> [ Checklist ]
> [x] *all* changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in (old)stable
> [x] the issue is verified as fixed in unstable
>
> [ Changes ]
> The update contains a single patch to help ease the load on
> KDE servers.
>
> [ Other info ]
> It would be good if users of KDE plasma could receive the update
> as quick as possible.
Thanks, go ahead.
Cheers,
Julien
Reply to: