CVEs have been requested for security issues fixed upstream in kmail: http://openwall.com/lists/oss-security/2016/10/04/8 The titles of the commits to fix them are listed, but no links are provided.
Whiteboard: (none) => MGA5TOO
CVE-2016-796[6-8]: http://www.openwall.com/lists/oss-security/2016/10/05/1
Summary: kmail (kdepim4, kdepim) new security issues fixed upstream => kmail (kdepim4, kdepim) new security issues fixed upstream (CVE-2016-796[6-8])
URL: (none) => http://lwn.net/Vulnerabilities/703104/
Upstream advisory: https://www.kde.org/info/security/advisory-20161006-1.txt
LWN reference for the other two CVEs: http://lwn.net/Vulnerabilities/703105/
CC: (none) => mageia
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
Unless I missed something, the patch for kdepimlibs4 still needs to be applied in Cauldron.
Version: 5 => Cauldron
Whiteboard: (none) => MGA5TOO
Summary: kmail (kdepim4, kdepim) new security issues fixed upstream (CVE-2016-796[6-8]) => kmail (kdepimlibs4) new security issues fixed upstream (CVE-2016-7966)
Source RPM: kdepim4-4.14.5-1.mga5.src.rpm, kdepim-16.08.1-5.mga6.src.rpm => kdepimlibs4-4.14.5-1.mga5.src.rpm
Unfortunately the git commit link from the upstream advisory no longer works.
Patch added by Fedora in this commit: http://pkgs.fedoraproject.org/cgit/rpms/kdepimlibs.git/commit/?h=f24&id=b92d96243457b043c61d0b0b662fc114586dd685
kdepimlibs4-4.14.10-14.mga6 submitted for Cauldron with the fix.
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
Depends on: (none) => 17123
Fedora has issued an advisory for CVE-2016-7968 on June 26: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C5TGECM37KQEMCLQKNCGQDAOTJOSEZGH/
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=21100
(In reply to David Walser from comment #8)
> Fedora has issued an advisory for CVE-2016-7968 on June 26:
> https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C5TGECM37KQEMCLQKNCGQDAOTJOSEZGH/

I believe we've fixed CVE-2016-7966 with:
http://advisories.mageia.org/MGAA-2017-0066.html

but I think we may still need to address the above issue from Comment 8.
I synced our kdepimlibs with the upstream 4.14 branch, which added a lot of fixes (35, see: https://cgit.kde.org/kdepimlibs.git/log/?h=KDE/4.14). This fixes this bug and adds more fixes.

src.rpm:
kdepimlibs4-4.14.10-2.2.mga5
kdepim4-4.14.10-1.2.mga5
kdepim4-runtime-4.14.10-2.1.mga5
akonadi-1.13.0-4.1.mga5
(In reply to David Walser from comment #9)
> (In reply to David Walser from comment #8)
> > Fedora has issued an advisory for CVE-2016-7968 on June 26:
> > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C5TGECM37KQEMCLQKNCGQDAOTJOSEZGH/
>
> I believe we've fixed CVE-2016-7966 with:
> http://advisories.mageia.org/MGAA-2017-0066.html
>
> but I think we may still need to address the above issue from Comment 8.

Patch added on the svn. I will upload soon.
Pushed in updates_testing among other fixes:

src.rpm:
kdepimlibs4-4.14.10-2.2.mga5
kdepim4-4.14.10-1.3.mga5
kdepim4-runtime-4.14.10-2.1.mga5
akonadi-1.13.0-4.1.mga5
Assignee: kde => qa-bugs
Advisory:
----------------------------------------

The kdepimlibs4, kdepim4, kdepim4-runtime, and akonadi packages have been updated to include the latest bug fixes from upstream.

This includes a fix for an issue where the Send Later function in kmail would cause an e-mail that had been designated to be sent encrypted to be sent in plain text instead.

References:
https://cgit.kde.org/kdepimlibs.git/log/?h=KDE/4.14
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C5TGECM37KQEMCLQKNCGQDAOTJOSEZGH/
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
kdepim4-4.14.10-1.3.mga5 kdepim4-core-4.14.10-1.3.mga5 libmailimporter4-4.14.10-1.3.mga5 libkaddressbookprivate4-4.14.10-1.3.mga5 libkontactprivate4-4.14.10-1.3.mga5 libkorganizer_core4-4.14.10-1.3.mga5 libkdepim4-4.14.10-1.3.mga5 libkpgp4-4.14.10-1.3.mga5 kleopatra-4.14.10-1.3.mga5 kleopatra-handbook-4.14.10-1.3.mga5 libksieve4-4.14.10-1.3.mga5 libakregatorinterfaces4-4.14.10-1.3.mga5 libakregatorprivate4-4.14.10-1.3.mga5 akregator-4.14.10-1.3.mga5 akregator-handbook-4.14.10-1.3.mga5 libknodecommon4-4.14.10-1.3.mga5 knode-4.14.10-1.3.mga5 knode-handbook-4.14.10-1.3.mga5 kaddressbook-4.14.10-1.3.mga5 kaddressbook-handbook-4.14.10-1.3.mga5 blogilo-4.14.10-1.3.mga5 blogilo-handbook-4.14.10-1.3.mga5 libmessagecore4-4.14.10-1.3.mga5 kalarm-4.14.10-1.3.mga5 kalarm-handbook-4.14.10-1.3.mga5 ktimetracker-4.14.10-1.3.mga5 ktimetracker-handbook-4.14.10-1.3.mga5 libkmailprivate4-4.14.10-1.3.mga5 kmail-4.14.10-1.3.mga5 kmail-handbook-4.14.10-1.3.mga5 ktnef-4.14.10-1.3.mga5 ktnef-handbook-4.14.10-1.3.mga5 messageviewer-4.14.10-1.3.mga5 kincidenceeditor-4.14.10-1.3.mga5 kmailcvt-4.14.10-1.3.mga5 knotes-4.14.10-1.3.mga5 knotes-handbook-4.14.10-1.3.mga5 kontact-4.14.10-1.3.mga5 kontact-handbook-4.14.10-1.3.mga5 libkorganizer_interfaces4-4.14.10-1.3.mga5 korganizer-4.14.10-1.3.mga5 korganizer-handbook-4.14.10-1.3.mga5 
libkorganizerprivate4-4.14.10-1.3.mga5 libmessagelist4-4.14.10-1.3.mga5 libkcal_resourceblog4-4.14.10-1.3.mga5 libkcal_resourceremote4-4.14.10-1.3.mga5 libkleopatraclientcore0-4.14.10-1.3.mga5 libkleo4-4.14.10-1.3.mga5 kdepim4-kresources-4.14.10-1.3.mga5 kjots-4.14.10-1.3.mga5 kjots-handbook-4.14.10-1.3.mga5 ksendemail-4.14.10-1.3.mga5 akonadiconsole-4.14.10-1.3.mga5 libcalendarsupport4-4.14.10-1.3.mga5 libcalendarsupportcollectionpage4-4.14.10-1.3.mga5 libeventviews4-4.14.10-1.3.mga5 libincidenceeditorsng4-4.14.10-1.3.mga5 libincidenceeditorsngmobile4-4.14.10-1.3.mga5 libkdepimdbusinterfaces4-4.14.10-1.3.mga5 libkdgantt20-4.14.10-1.3.mga5 libkleopatraclientgui0-4.14.10-1.3.mga5 libkmanagesieve4-4.14.10-1.3.mga5 libksieveui4-4.14.10-1.3.mga5 libmailcommon4-4.14.10-1.3.mga5 libmessageviewer4-4.14.10-1.3.mga5 libmessagecomposer4-4.14.10-1.3.mga5 libtemplateparser4-4.14.10-1.3.mga5 libsendlater4-4.14.10-1.3.mga5 libfollowupreminder4-4.14.10-1.3.mga5 libakonadi-next4-4.14.10-1.3.mga5 libpimcommon4-4.14.10-1.3.mga5 libcomposereditorng4-4.14.10-1.3.mga5 libgrantleetheme4-4.14.10-1.3.mga5 libgrantleethemeeditor4-4.14.10-1.3.mga5 libkaddressbookgrantlee4-4.14.10-1.3.mga5 libknotesprivate4-4.14.10-1.3.mga5 libnoteshared4-4.14.10-1.3.mga5 libpimsettingexporterprivate4-4.14.10-1.3.mga5 kdepim4-devel-4.14.10-1.3.mga5 kdepimlibs4-core-4.14.10-2.2.mga5 kdepimlibs4-handbooks-4.14.10-2.2.mga5 kio4-imap-4.14.10-2.2.mga5 kio4-pop3-4.14.10-2.2.mga5 kio4-ldap-4.14.10-2.2.mga5 kio4-sieve-4.14.10-2.2.mga5 kio4-mbox-4.14.10-2.2.mga5 kio4-smtp-4.14.10-2.2.mga5 kio4-nntp-4.14.10-2.2.mga5 libkabc4-4.14.10-2.2.mga5 libkblog4-4.14.10-2.2.mga5 libkabc_file_core4-4.14.10-2.2.mga5 libkcal4-4.14.10-2.2.mga5 libkimap4-4.14.10-2.2.mga5 libkldap4-4.14.10-2.2.mga5 libkmbox4-4.14.10-2.2.mga5 libkmime4-4.14.10-2.2.mga5 libkpimutils4-4.14.10-2.2.mga5 libkresources4-4.14.10-2.2.mga5 libktnef4-4.14.10-2.2.mga5 libkxmlrpcclient4-4.14.10-2.2.mga5 libmailtransport4-4.14.10-2.2.mga5 
libsyndication4-4.14.10-2.2.mga5 libqgpgme1-4.14.10-2.2.mga5 libgpgme++2-4.14.10-2.2.mga5 libkpimidentities4-4.14.10-2.2.mga5 libakonadi-kde4-4.14.10-2.2.mga5 libakonadi-kabc4-4.14.10-2.2.mga5 libakonadi-kmime4-4.14.10-2.2.mga5 libakonadi-notes4-4.14.10-2.2.mga5 libkalarmcal2-4.14.10-2.2.mga5 libkholidays4-4.14.10-2.2.mga5 libkpimtextedit4-4.14.10-2.2.mga5 libmicroblog4-4.14.10-2.2.mga5 libakonadi-contact4-4.14.10-2.2.mga5 libakonadi-kcal4-4.14.10-2.2.mga5 libkontactinterface4-4.14.10-2.2.mga5 libakonadi-calendar4-4.14.10-2.2.mga5 libakonadi_socialutils4-4.14.10-2.2.mga5 libkcalcore4-4.14.10-2.2.mga5 libkcalutils4-4.14.10-2.2.mga5 libakonadi-xml4-4.14.10-2.2.mga5 kdepimlibs4-devel-4.14.10-2.2.mga5 akonadi-kde-4.14.10-2.1.mga5 libkdepim-copy4-4.14.10-2.1.mga5 libmaildir4-4.14.10-2.1.mga5 libakonadi-filestore4-4.14.10-2.1.mga5 libkmindexreader4-4.14.10-2.1.mga5 libfolderarchivesettings4-4.14.10-2.1.mga5 kdepim4-runtime-devel-4.14.10-2.1.mga5 akonadi-1.13.0-4.1.mga5 libakonadiprotocolinternals1-1.13.0-4.1.mga5 libakonadi-devel-1.13.0-4.1.mga5

from SRPMS:
kdepimlibs4-4.14.10-2.2.mga5.src.rpm
kdepim4-4.14.10-1.3.mga5.src.rpm
kdepim4-runtime-4.14.10-2.1.mga5.src.rpm
akonadi-1.13.0-4.1.mga5.src.rpm
Installed and tested without issues.

Have been using, like usual, the updated kontact, akonadi, kmail, akregator, korganizer, akregator, etc for the last two days without issues.

System: Mageia 5, x86_64, Plasma, Intel CPU, nVidia GPU with proprietary driver nvidia340.

$ LANGUAGE=C ; for U in $(cat packages.txt) ; do rpm -q "$U" ; done | grep -v "not installed"
kdepim4-4.14.10-1.3.mga5 kdepim4-core-4.14.10-1.3.mga5 kleopatra-4.14.10-1.3.mga5 kleopatra-handbook-4.14.10-1.3.mga5 akregator-4.14.10-1.3.mga5 akregator-handbook-4.14.10-1.3.mga5 knode-4.14.10-1.3.mga5 knode-handbook-4.14.10-1.3.mga5 kaddressbook-4.14.10-1.3.mga5 kaddressbook-handbook-4.14.10-1.3.mga5 blogilo-4.14.10-1.3.mga5 blogilo-handbook-4.14.10-1.3.mga5 kalarm-4.14.10-1.3.mga5 kalarm-handbook-4.14.10-1.3.mga5 ktimetracker-4.14.10-1.3.mga5 ktimetracker-handbook-4.14.10-1.3.mga5 kmail-4.14.10-1.3.mga5 kmail-handbook-4.14.10-1.3.mga5 messageviewer-4.14.10-1.3.mga5 kmailcvt-4.14.10-1.3.mga5 knotes-4.14.10-1.3.mga5 knotes-handbook-4.14.10-1.3.mga5 kontact-4.14.10-1.3.mga5 kontact-handbook-4.14.10-1.3.mga5 korganizer-4.14.10-1.3.mga5 korganizer-handbook-4.14.10-1.3.mga5 kdepim4-kresources-4.14.10-1.3.mga5 ksendemail-4.14.10-1.3.mga5 kdepimlibs4-core-4.14.10-2.2.mga5 kdepimlibs4-handbooks-4.14.10-2.2.mga5 kio4-imap-4.14.10-2.2.mga5 kio4-pop3-4.14.10-2.2.mga5 kio4-ldap-4.14.10-2.2.mga5 kio4-sieve-4.14.10-2.2.mga5 kio4-mbox-4.14.10-2.2.mga5 kio4-smtp-4.14.10-2.2.mga5 kio4-nntp-4.14.10-2.2.mga5 kdepimlibs4-devel-4.14.10-2.2.mga5 akonadi-kde-4.14.10-2.1.mga5 akonadi-1.13.0-4.1.mga5
CC: (none) => mageia
Whiteboard: (none) => MGA5-64-OK
@ PC_LX : thanks yet again for a thorough test. Advisory from Comment 13 uploaded. Validating as this is Mageia 5 only with a good 64-bit OK.
Whiteboard: MGA5-64-OK => MGA5-64-OK advisory
Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0315.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED