A CVE has been assigned for a security issue fixed upstream on October 26:
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.
Updated konversation package fixes security vulnerability:
Due to and out-of-bounds read issue in Konversation in The ECB Blowfish
decryption function, a malicious client can cause either denial of service or
disclosure of information from process memory by using an improperly formed
Updated packages in core/updates_testing:
Steps to Reproduce:
Testing complete Mageia 3 x86_64.
MGA3TOO MGA3-64-OK =>
MGA3TOO MGA3-64-OK advisory
Updated konversation working fine on Mageia 4 i586.
MGA3TOO MGA3-64-OK advisory =>
MGA3TOO MGA3-64-OK MGA4-32-OK advisory
Testing complete for the new konversation-1.5-0.rc1.3.mga4, ok for me, all seems to work properly.
I use Konversation daily.
MGA3TOO MGA3-64-OK MGA4-32-OK advisory =>
MGA3TOO MGA3-64-OK MGA4-32-OK MGA4-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository.