Debian Bug report logs -
#710497
kdeplasma-addons: CVE-2013-2120
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 31 May 2013 11:42:17 UTC
Severity: important
Tags: security
Fixed in version 4:5.3.2-2
Done: Scott Kitterman <scott@kitterman.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#710497; Package kdeplasma-addons.
(Fri, 31 May 2013 11:42:22 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>.
(Fri, 31 May 2013 11:42:22 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: kdeplasma-addons
Severity: important
Tags: security
Please see http://seclists.org/oss-sec/2013/q2/429
Once an upstream fix is available, we can fix this in
a point update.
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#710497; Package kdeplasma-addons.
(Wed, 26 Jun 2013 05:54:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>.
(Wed, 26 Jun 2013 05:54:04 GMT) (full text, mbox, link).
Message #10 received at 710497@bugs.debian.org (full text, mbox, reply):
Hi Qt/KDE maintainers,
On Fri, May 31, 2013 at 01:39:50PM +0200, Moritz Muehlenhoff wrote:
> Package: kdeplasma-addons
> Severity: important
> Tags: security
>
> Please see http://seclists.org/oss-sec/2013/q2/429
>
> Once an upstream fix is available, we can fix this in
> a point update.
Short note on this: Upstream proposed fix, which was pushed to Ubuntu
and Fedora already, is incomplete/still weak, see [1], so please do
not add this patch alone. Some discussion is happening on [2] and
[3].
[1] http://marc.info/?l=oss-security&m=137222323420860&w=2
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2120
[3] https://bugs.launchpad.net/ubuntu/%2Bsource/kdeplasma-addons/%2Bbug/1179380
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#710497; Package kdeplasma-addons.
(Mon, 07 Sep 2015 21:57:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Scott Kitterman <scott@kitterman.com>:
Extra info received and forwarded to list. Copy sent to Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>.
(Mon, 07 Sep 2015 21:57:07 GMT) (full text, mbox, link).
Message #15 received at 710497@bugs.debian.org (full text, mbox, reply):
On Fri, 31 May 2013 13:39:50 +0200 Moritz Muehlenhoff <jmm@inutil.org> wrote:
> Package: kdeplasma-addons
> Severity: important
> Tags: security
>
> Please see http://seclists.org/oss-sec/2013/q2/429
>
> Once an upstream fix is available, we can fix this in
> a point update.
The paste applet was dropped in kdeplasma-addons 5.1, so this issue is no
longer applicable to testing/unstable.
Scott K
Marked as fixed in versions 4:5.3.2-2.
Request was from Scott Kitterman <scott@kitterman.com>
to control@bugs.debian.org.
(Mon, 07 Sep 2015 21:57:10 GMT) (full text, mbox, link).
Marked Bug as done
Request was from Scott Kitterman <scott@kitterman.com>
to control@bugs.debian.org.
(Mon, 07 Sep 2015 21:57:11 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Mon, 07 Sep 2015 21:57:12 GMT) (full text, mbox, link).
Message sent on
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug#710497.
(Mon, 07 Sep 2015 21:57:18 GMT) (full text, mbox, link).
Message #24 received at 710497-submitter@bugs.debian.org (full text, mbox, reply):
close 710497 4:5.3.2-2
thanks
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 06 Oct 2015 07:40:21 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 19:23:45 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon