ktexteditor: CVE-2018-10361: ktexteditor privilege escalation

Related Vulnerabilities: CVE-2018-10361  

Debian Bug report logs - #896836

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 24 Apr 2018 18:54:02 UTC

Severity: grave

Tags: security, upstream

Found in version ktexteditor/5.37.0-2

Fixed in version ktexteditor/5.47.0-1

Done: Maximiliano Curia <maxy@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#896836; Package src:ktexteditor. (Tue, 24 Apr 2018 18:54:04 GMT)

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. (Tue, 24 Apr 2018 18:54:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ktexteditor: ktexteditor / Kate local privilege escalation
Date: Tue, 24 Apr 2018 20:51:44 +0200
Source: ktexteditor
Version: 5.37.0-2
Severity: grave
Tags: security upstream


See http://www.openwall.com/lists/oss-security/2018/04/24/1 for
details (and proposed patch).


Changed Bug title to 'ktexteditor: CVE-2018-10361: ktexteditor privilege escalation' from 'ktexteditor: ktexteditor / Kate local privilege escalation'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 25 Apr 2018 06:36:02 GMT)

Reply sent to Maximiliano Curia <maxy@debian.org>:
You have taken responsibility. (Fri, 15 Jun 2018 11:27:07 GMT)

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 15 Jun 2018 11:27:07 GMT)

Message #12 received at 896836-close@bugs.debian.org:

From: Maximiliano Curia <maxy@debian.org>
To: 896836-close@bugs.debian.org
Subject: Bug#896836: fixed in ktexteditor 5.47.0-1
Date: Fri, 15 Jun 2018 11:22:25 +0000
Source: ktexteditor
Source-Version: 5.47.0-1

We believe that the bug you reported is fixed in the latest version of
ktexteditor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 896836@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Maximiliano Curia <maxy@debian.org> (supplier of updated ktexteditor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Fri, 15 Jun 2018 12:10:22 +0200
Source: ktexteditor
Binary: ktexteditor-data ktexteditor-katepart libkf5texteditor-bin libkf5texteditor-dev libkf5texteditor-doc libkf5texteditor5
Architecture: source
Version: 5.47.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Maximiliano Curia <maxy@debian.org>
Description:
 ktexteditor-data - provide advanced plain text editing services
 ktexteditor-katepart - provide advanced plain text editing services
 libkf5texteditor-bin - provide advanced plain text editing services (binaries)
 libkf5texteditor-dev - provide advanced plain text editing services
 libkf5texteditor-doc - provide advanced plain text editing services (documentation)
 libkf5texteditor5 - provide advanced plain text editing services
Closes: 896836
Changes:
 ktexteditor (5.47.0-1) unstable; urgency=medium
   * New upstream release (5.47.0).
   * Update build-deps and deps with the info from cmake
   * CVE-2018-10361: privilege escalation (Closes: 896836)
   * Release to unstable



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 28 Jul 2018 07:26:26 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:52:34 2019; Machine Name: beach
