Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#58948 - [ktexteditor] backport fix for CVE-2018-10361
Attached to Project:
Arch Linux
Opened by Tommy Schmitt (spinka) - Saturday, 09 June 2018, 17:51 GMT
Last edited by Antonio Rojas (arojas) - Saturday, 09 June 2018, 19:04 GMT
Opened by Tommy Schmitt (spinka) - Saturday, 09 June 2018, 17:51 GMT
Last edited by Antonio Rojas (arojas) - Saturday, 09 June 2018, 19:04 GMT
|
DetailsDescription:
Recently OpenSuse developers did audit of ktexteditor polkit integration which resulted in CVE-2018-10361[1],[2]. It was fixed upstream with commit[3] which landed after 5.47 release. It would be nice to backport it to 5.47 release in Archlinux. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10361 [2] http://www.openwall.com/lists/oss-security/2018/04/24/1 [3] https://phabricator.kde.org/R39:c81af5aa1d4f6e0f8c44b2e85ca007ba2a1e4590 |
This task depends upon
Closed by Antonio Rojas (arojas)
Saturday, 09 June 2018, 19:04 GMT
Reason for closing: Fixed
Additional comments about closing: ktexteditor 5.47.0-2
Saturday, 09 June 2018, 19:04 GMT
Reason for closing: Fixed
Additional comments about closing: ktexteditor 5.47.0-2