Comment 9 for bug 1630700

Launchpad Janitor (janitor) wrote : Re: CVE - KMail - HTML injection in plain text viewer

This bug was fixed in the package kcoreaddons - 5.26.0-0ubuntu2

---------------
kcoreaddons (5.26.0-0ubuntu2) yakkety; urgency=medium

  * SECURITY UPDATE: KMail - HTML injection in plain text viewer
    (LP: #1630700)
    - debian/patches/0001-Fix-very-old-bug-when-we-remove-space-in-
      url-as-foo-.patch: Code added by upstream to fix another bug,
      but needs to be applied in advance of patch 0002
    - debian/patches/0002-Don-t-convert-as-url-an-url-which-has-a.patch:
      Fixes CVE-2016-7966
    Patches cherrypicked from Debian:
    https://anonscm.debian.org/git/pkg-kde/frameworks/kcoreaddons.git
    Commit: ab7258dd8a87668ba63c585a69f41f291254aa43
    Many thanks to Sandro Knauß for these patches

 -- Clive Johnston <email address hidden> Fri, 07 Oct 2016 23:57:19 +0100