Your message dated Tue, 16 Aug 2016 22:34:57 +0000
with message-id <e1bzmwj-0002g3...@franck.debian.org>
and subject line Bug#832620: fixed in kde4libs 4:4.14.2-5+deb8u1
has caused the Debian Bug report #832620,
regarding kde4libs: CVE-2016-6232: Extraction of tar files possible to
arbitrary system locations
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
832620: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832620
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: kde4libs
Version: 4:4.8.4-4
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for kde4libs.
CVE-2016-6232[0]:
Extraction of tar files possible to arbitrary system locations
Please note [1], where Balint noticed that the patch in 4:4.14.22-1 was
incomplete.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6232
[1] https://lists.debian.org/debian-lts/2016/07/msg00144.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: kde4libs
Source-Version: 4:4.14.2-5+deb8u1
We believe that the bug you reported is fixed in the latest version of
kde4libs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 832...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated kde4libs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 06 Aug 2016 15:33:57 +0200
Source: kde4libs
Binary: libkdecore5 libkdeui5 libkpty4 libkdesu5 libkjsapi4 libkjsembed4
libkio5 libkntlm4 libsolid4 libkde3support4 libkfile4 libknewstuff2-4
libknewstuff3-4 libkparts4 libkutils4 libthreadweaver4 libkhtml5 libkimproxy4
libkmediaplayer4 libktexteditor4 libknotifyconfig4 libkdnssd4 libkrosscore4
libkrossui4 libnepomuk4 libnepomukutils4 libnepomukquery4a libplasma3
libkunitconversion4 libkdewebkit5 libkcmutils4 libkemoticons4 libkidletime4
libkprintutils4 libkdeclarative5 kdelibs-bin kdelibs5-plugins kdelibs5-data
kdoctools kdelibs5-dev kdelibs5-dbg
Architecture: all source
Version: 4:4.14.2-5+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 832620
Description:
kdelibs-bin - core executables for KDE Applications
kdelibs5-data - core shared data for all KDE Applications
kdelibs5-dbg - debugging symbols for the KDE Development Platform libraries
kdelibs5-dev - development files for the KDE Development Platform libraries
kdelibs5-plugins - core plugins for KDE Applications
kdoctools - various tools for accessing application documentation
libkcmutils4 - utility classes for using KCM modules
libkde3support4 - KDE 3 Support Library for the KDE 4 Platform
libkdeclarative5 - declarative library for plasma
libkdecore5 - KDE Platform Core Library
libkdesu5 - Console-mode Authentication Library for the KDE Platform
libkdeui5 - KDE Platform User Interface Library
libkdewebkit5 - KDE WebKit Library
libkdnssd4 - DNS-SD Protocol Library for the KDE Platform
libkemoticons4 - utility classes to deal with emoticon themes
libkfile4 - File Selection Dialog Library for KDE Platform
libkhtml5 - KHTML Web Content Rendering Engine
libkidletime4 - library to provide information about idle time
libkimproxy4 - Instant Messaging Interface Library for the KDE Platform
libkio5 - Network-enabled File Management Library for the KDE Platform
libkjsapi4 - KJS API Library for the KDE Development Platform
libkjsembed4 - library for binding JavaScript objects to QObjects
libkmediaplayer4 - KMediaPlayer Interface for the KDE Platform
libknewstuff2-4 - "Get Hot New Stuff" v2 Library for the KDE Platform
libknewstuff3-4 - "Get Hot New Stuff" v3 Library for the KDE Platform
libknotifyconfig4 - library for configuring KDE Notifications
libkntlm4 - NTLM Authentication Library for the KDE Platform
libkparts4 - Framework for the KDE Platform Graphical Components
libkprintutils4 - utility classes to deal with printing
libkpty4 - Pseudo Terminal Library for the KDE Platform
libkrosscore4 - Kross Core Library
libkrossui4 - Kross UI Library
libktexteditor4 - KTextEditor interfaces for the KDE Platform
libkunitconversion4 - Unit Conversion library for the KDE Platform
libkutils4 - dummy transitional library
libnepomuk4 - Nepomuk Meta Data Library
libnepomukquery4a - Nepomuk Query Library for the KDE Platform
libnepomukutils4 - Nepomuk Utility Library
libplasma3 - Plasma Library for the KDE Platform
libsolid4 - Solid Library for KDE Platform
libthreadweaver4 - ThreadWeaver Library for the KDE Platform
Changes:
kde4libs (4:4.14.2-5+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2016-6232: Extraction of tar files possible to arbitrary system
locations (Closes: #832620)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---