Hey, > I tried to backport the CVE-2016-7966 fix commit to kf 5.26 and it didn't > apply cleanly, it would be nice if the advisory includes the list of the > commits to backport, or maybe a new 5.26.1 kcoreaddons bugfix release.
Yes another patch is missing there - I already informed them and hopefully they will update the infos. I also asked if they will ship a updated 5.26 version. > About: https://www.kde.org/info/security/advisory-20161006-3.txt > > Via irc you mentioned that non qtwebengine versions are affected by this as > well, that contradict the versions listed in the advisory message. As you > know, we are currently using qt 5.6 and messagelib from 16.04, which set of > patches should we include? No I misread the CVE. There is nothing to do here. Regards, sandro
signature.asc
Description: This is a digitally signed message part.
-- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk