group.of.nepali.translators team mailing list archive

[Bug 1731797] [NEW] [CVE] Crash in IRC message parsing

 

*** This bug is a security vulnerability ***

Public security bug reported:

KDE Project Security Advisory
=============================

Title:          Konversation: Crash in IRC message parsing
Risk Rating:    High
CVE:            CVE-2017-15923
Versions:       konversation <= 1.7.2
Date:           12 November 2017


Overview
========
Konversation supports colors in IRC messages. Any malicious user connected to the
same IRC network can send a carefully crafted message that will crash the Konversation client.


Workaround
==========
Go to Interface → Colors in the Configure Konversation dialog and uncheck "Allow Colored Text in IRC Messages" (near the bottom).

Solution
========
Update to Konversation > 1.7.2

Or apply the following patches:
1.7: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=34cc9556c1a089fac6b674d3bd6f2248e9512902
1.6: https://cgit.kde.org/konversation.git/commit/?h=1.6&id=cebf8d7658b0e3afb0292c273704ec4d2ea4019f
1.5: https://cgit.kde.org/konversation.git/commit/?h=1.5&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
1.4: the patch for 1.5 will apply, but you should upgrade

Credits
=======
Thanks to Joseph Bisch for the report and to Eli MacKenzie for the fix.

** Affects: kubuntu-ppa
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
         Status: Triaged

** Affects: konversation (Ubuntu)
     Importance: High
         Status: Fix Released

** Affects: konversation (Ubuntu Trusty)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
         Status: Triaged

** Affects: konversation (Ubuntu Xenial)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
         Status: Triaged

** Affects: konversation (Ubuntu Zesty)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
         Status: Triaged

** Affects: konversation (Ubuntu Artful)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
         Status: Triaged

** Affects: konversation (Ubuntu Bionic)
     Importance: High
         Status: Fix Released

** Also affects: konversation (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: konversation (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: konversation (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: konversation (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Also affects: konversation (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Changed in: konversation (Ubuntu Bionic)
       Status: New => Fix Released

** Changed in: konversation (Ubuntu Trusty)
       Status: New => Triaged

** Changed in: konversation (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: konversation (Ubuntu Zesty)
       Status: New => Triaged

** Changed in: konversation (Ubuntu Artful)
       Status: New => Triaged

** Changed in: konversation (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: konversation (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: konversation (Ubuntu Zesty)
   Importance: Undecided => High

** Changed in: konversation (Ubuntu Artful)
   Importance: Undecided => High

** Changed in: konversation (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: konversation (Ubuntu Trusty)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: konversation (Ubuntu Xenial)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: konversation (Ubuntu Zesty)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: konversation (Ubuntu Artful)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15923

** Also affects: kubuntu-ppa
   Importance: Undecided
       Status: New

** Changed in: kubuntu-ppa
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: kubuntu-ppa
   Importance: Undecided => High

** Changed in: kubuntu-ppa
       Status: New => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1731797

Title:
  [CVE] Crash in IRC message parsing

Status in Kubuntu PPA:
  Triaged
Status in konversation package in Ubuntu:
  Fix Released
Status in konversation source package in Trusty:
  Triaged
Status in konversation source package in Xenial:
  Triaged
Status in konversation source package in Zesty:
  Triaged
Status in konversation source package in Artful:
  Triaged
Status in konversation source package in Bionic:
  Fix Released

To manage notifications about this bug go to:
https://bugs.launchpad.net/kubuntu-ppa/+bug/1731797/+subscriptions

