ktexteditor: CVE-2018-10361: ktexteditor privilege escalation

Related Vulnerabilities: CVE-2018-10361  

Debian Bug report logs - #896836

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 24 Apr 2018 18:54:02 UTC

Severity: grave

Tags: security, upstream

Found in version ktexteditor/5.37.0-2

Fixed in version ktexteditor/5.47.0-1

Done: Maximiliano Curia <maxy@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#896836; Package src:ktexteditor. (Tue, 24 Apr 2018 18:54:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. (Tue, 24 Apr 2018 18:54:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ktexteditor: ktexteditor / Kate local privilege escalation
Date: Tue, 24 Apr 2018 20:51:44 +0200
Source: ktexteditor
Version: 5.37.0-2
Severity: grave
Tags: security upstream

Hi

See http://www.openwall.com/lists/oss-security/2018/04/24/1 for
details (and proposed patch).

Regards,
Salvatore



Changed Bug title to 'ktexteditor: CVE-2018-10361: ktexteditor privilege escalation' from 'ktexteditor: ktexteditor / Kate local privilege escalation'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 25 Apr 2018 06:36:02 GMT)


Reply sent to Maximiliano Curia <maxy@debian.org>:
You have taken responsibility. (Fri, 15 Jun 2018 11:27:07 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 15 Jun 2018 11:27:07 GMT)


Message #12 received at 896836-close@bugs.debian.org:

From: Maximiliano Curia <maxy@debian.org>
To: 896836-close@bugs.debian.org
Subject: Bug#896836: fixed in ktexteditor 5.47.0-1
Date: Fri, 15 Jun 2018 11:22:25 +0000
Source: ktexteditor
Source-Version: 5.47.0-1

We believe that the bug you reported is fixed in the latest version of
ktexteditor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 896836@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maximiliano Curia <maxy@debian.org> (supplier of updated ktexteditor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 15 Jun 2018 12:10:22 +0200
Source: ktexteditor
Binary: ktexteditor-data ktexteditor-katepart libkf5texteditor-bin libkf5texteditor-dev libkf5texteditor-doc libkf5texteditor5
Architecture: source
Version: 5.47.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Maximiliano Curia <maxy@debian.org>
Description:
 ktexteditor-data - provide advanced plain text editing services
 ktexteditor-katepart - provide advanced plain text editing services
 libkf5texteditor-bin - provide advanced plain text editing services (binaries)
 libkf5texteditor-dev - provide advanced plain text editing services
 libkf5texteditor-doc - provide advanced plain text editing services (documentation)
 libkf5texteditor5 - provide advanced plain text editing services
Closes: 896836
Changes:
 ktexteditor (5.47.0-1) unstable; urgency=medium
 .
   * New upstream release (5.47.0).
   * Update build-deps and deps with the info from cmake
   * CVE-2018-10361: privilege escalation (Closes: 896836)
   * Release to unstable




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 28 Jul 2018 07:26:26 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:52:34 2019; Machine Name: beach
