Bug 19064

Summary: kdelibs4/karchive new security issue CVE-2016-6232
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/695323/
Whiteboard:
Source RPM: kdelibs4, karchive CVE:
Status comment:
Bug Depends on: 17123    
Bug Blocks:    

Description David Walser 2016-07-27 18:55:54 CEST 
Ubuntu has issued an advisory on July 26:
http://www.ubuntu.com/usn/usn-3042-1/

This issue was fixed in KF5 5.24.0, and Ubuntu backported the patch for kdelibs4.

We've been talking about a KF5 update since Bug 15065, so it would be nice to update KF5 as much as possible for Mageia 5, but we could also just patch 5.5.0 that we have now.  Note that we currently have 5.11.0 in SVN and updates_testing.

As for kdelibs4, we have an update for that and a few other packages in Bug 17123.  We really need the KDE team to review some things there and help finalize that update.
David Walser 2016-12-30 23:40:33 CET

Depends on: (none) => 17123

Comment 1 Nicolas Lécureuil 2017-08-20 21:22:21 CEST 
pushed in updates_testing:
src.rpm:
        kdelibs4-4.14.35-1.mga5

Assignee: mageia => qa-bugs

Comment 2 David Walser 2017-08-20 22:08:20 CEST 
I don't see an update for karchive (KF5).

Assignee: qa-bugs => mageia

Comment 3 David Walser 2017-12-27 03:36:37 CET 
There won't be a KF5 update for Mageia 5.

Status: NEW => RESOLVED
Resolution: (none) => OLD