* SECURITY UPDATE: KMail - HTML injection in plain text viewer
(LP: #1630700)
- debian/patches/0001-Fix-very-old-bug-when-we-remove-space-in-
url-as-foo-.patch: Code added by upstream to fix another bug,
but needs to be applied in advance of patch 0002
- debian/patches/0002-Don-t-convert-as-url-an-url-which-has-a.patch:
Fixes CVE-2016-7966
Patches cherrypicked from Debian: https://anonscm.debian.org/git/pkg-kde/frameworks/kcoreaddons.git
Commit: ab7258dd8a87668ba63c585a69f41f291254aa43
Many thanks to Sandro Knauß for these patches
This bug was fixed in the package kcoreaddons - 5.26.0-0ubuntu2
---------------
kcoreaddons (5.26.0-0ubuntu2) yakkety; urgency=medium
* SECURITY UPDATE: KMail - HTML injection in plain text viewer patches/ 0001-Fix- very-old- bug-when- we-remove- space-in- as-foo- .patch: Code added by upstream to fix another bug, patches/ 0002-Don- t-convert- as-url- an-url- which-has- a.patch: /anonscm. debian. org/git/ pkg-kde/ frameworks/ kcoreaddons. git ba63c585a69f41f 291254aa43
(LP: #1630700)
- debian/
url-
but needs to be applied in advance of patch 0002
- debian/
Fixes CVE-2016-7966
Patches cherrypicked from Debian:
https:/
Commit: ab7258dd8a87668
Many thanks to Sandro Knauß for these patches
-- Clive Johnston <email address hidden> Fri, 07 Oct 2016 23:57:19 +0100