19064 – kdelibs4/karchive new security issue CVE-2016-6232

Bug 19064 - kdelibs4/karchive new security issue CVE-2016-6232

Summary: kdelibs4/karchive new security issue CVE-2016-6232

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	5
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Nicolas Lécureuil
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/695323/
Whiteboard:
Keywords:

Depends on:	17123
Blocks:
	Show dependency tree / graph

Reported:	2016-07-27 18:55 CEST by David Walser
Modified:	2017-12-27 03:36 CET (History)
CC List:	0 users

See Also:
Source RPM:	kdelibs4, karchive
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-07-27 18:55:54 CEST

Ubuntu has issued an advisory on July 26:
http://www.ubuntu.com/usn/usn-3042-1/

This issue was fixed in KF5 5.24.0, and Ubuntu backported the patch for kdelibs4.

We've been talking about a KF5 update since Bug 15065, so it would be nice to update KF5 as much as possible for Mageia 5, but we could also just patch 5.5.0 that we have now.  Note that we currently have 5.11.0 in SVN and updates_testing.

As for kdelibs4, we have an update for that and a few other packages in Bug 17123.  We really need the KDE team to review some things there and help finalize that update.

David Walser 2016-12-30 23:40:33 CET

Depends on: (none) => 17123

Comment 1 Nicolas Lécureuil 2017-08-20 21:22:21 CEST

pushed in updates_testing:
src.rpm:
        kdelibs4-4.14.35-1.mga5

Assignee: mageia => qa-bugs

Comment 2 David Walser 2017-08-20 22:08:20 CEST

I don't see an update for karchive (KF5).

Assignee: qa-bugs => mageia

Comment 3 David Walser 2017-12-27 03:36:37 CET

There won't be a KF5 update for Mageia 5.

Status: NEW => RESOLVED
Resolution: (none) => OLD

Note You need to log in before you can comment on or make changes to this bug.