Ubuntu
kcoreaddons package

  1. Bug #1630700
  2. Comment #12

Comment 12 for bug 1630700

Revision history for this message
Clive Johnston (clivejo) wrote : Re: CVE - KMail - HTML injection in plain text viewer

Xenial is proving to be harder to patch due to it being Frameworks 5.18.

https://launchpad.net/ubuntu/+source/kcoreaddons/5.18.0-0ubuntu1

5.18.0 was tagged on Sat, 09 Jan 2016 09:49:38 +0000 (09:49 +0000) so according to this log:

https://quickgit.kde.org/?p=kcoreaddons.git&a=history&h=5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a&f=src%2Flib%2Ftext%2Fktexttohtml.cpp

We have 5 patches to apply, but I'm not experienced enough with coding to determine what is needed to fix the CVE and what is just new features or bug fixes. There is talk in the KDE community that patches might be available for up to a year after release, but still waiting on confirmation.