Upstream has issued an advisory on November 11: https://konversation.kde.org/ Debian has issued an advisory for this on November 13: https://www.debian.org/security/2017/dsa-4033 The issue is fixed upstream in 1.7.3, already in Cauldron. A patch for 1.5.x (Mageia 5) can be obtained from upstream's git or Debian.
CC: (none) => geiger.david68210Whiteboard: (none) => MGA5TOO
Done also for mga5 and mga6!
Advisory: ======================== Updated konversation package fixes security vulnerability: Joseph Bisch discovered that Konversation could crash when parsing certain IRC color formatting codes (CVE-2017-15923). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15923 https://konversation.kde.org/ https://www.debian.org/security/2017/dsa-4033 ======================== Updated packages in core/updates_testing: ======================== konversation-1.5.1-1.1.mga5 konversation-1.7.3-1.mga6 from SRPMS: konversation-1.5.1-1.1.mga5.src.rpm konversation-1.7.3-1.mga6.src.rpm
Assignee: rverschelde => qa-bugsCC: (none) => rverschelde
MGA5-32 on Asus A6000VM Xfce No installation issues Started konversation and connected to #mageia, posted and got a reply. OK for me.
CC: (none) => herman.viaeneWhiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
MGA6-32 on Asus A6000VM MATE No installation issues Connected to #mageia-qa, could post, got no answer. Presumed to be working.
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-32-OK
In VirtualBox, M6, Plasma, 64-bit Package(s) under test: konversation default install of konversation [root@localhost wilcal]# urpmi konversation Package konversation-1.7.2-1.mga6.x86_64 is already installed Konversation opens and I can get to #mageia, #mageia-qa & #mageia-meeting and post a message to all of them. install konversation from updates_testing [root@localhost wilcal]# urpmi konversation Package konversation-1.7.3-1.mga6.x86_64 is already installed Konversation opens and I can get to #mageia, #mageia-qa & #mageia-meeting and post a message to all of them.
CC: (none) => wilcal.int
Whiteboard: MGA5TOO MGA5-32-OK MGA6-32-OK => MGA5TOO MGA5-32-OK MGA6-32-OK MGA6-64-OK
In VirtualBox, M5.1, KDE, 64-bit Package(s) under test: konversation default install of konversation [root@localhost wilcal]# urpmi konversation Package konversation-1.5.1-1.mga5.x86_64 is already installed Konversation opens and I can get to #mageia, #mageia-qa & #mageia-meeting and post a message to all of them. install konversation from updates_testing [root@localhost wilcal]# urpmi konversation Package konversation-1.5.1-1.1.mga5.x86_64 is already installed Konversation opens and I can get to #mageia, #mageia-qa & #mageia-meeting and post a message to all of them.
Whiteboard: MGA5TOO MGA5-32-OK MGA6-32-OK MGA6-64-OK => MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-32-OK MGA6-64-OK
This update works fine. Testing complete for Mageia 5 & 6, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0419.html
Status: NEW => RESOLVEDResolution: (none) => FIXED