[SCM] messagelib packaging branch, debian/sid, updated. debian/16.04.3-3

Sandro Knauß hefee at moszumanska.debian.org
Sat Jun 17 07:20:57 UTC 2017


Gitweb-URL: http://git.debian.org/?p=pkg-kde/applications/messagelib.git;a=commitdiff;h=40bfad9

The following commit has been merged in the debian/sid branch:
commit 40bfad9d8bf19dda97e0cec5e1cc2e178f630ad6
Author: Sandro Knauß <sknauss at kde.org>
Date:   Sat Jun 17 09:07:42 2017 +0200

    Added patch to fix CVE-2017-9604
---
 debian/changelog                       |  4 ++++
 debian/patches/fix-CVE-2017-9604.patch | 26 ++++++++++++++++++++++++++
 debian/patches/series                  |  1 +
 3 files changed, 31 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index c93e725..a9f2f21 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,10 @@ kf5-messagelib (4:16.04.3-3~) UNRELEASED; urgency=medium
 
   * Team upload.
 
+  [ Sandro Knauß ]
+  * Fix CVE-2017-9604: Send Later with Delay bypasses OpenPGP (Closes: #864803)
+    - Added upstream patch fix-CVE-2017-9604.patch
+
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Sat, 03 Dec 2016 13:29:10 +0100
 
 kf5-messagelib (4:16.04.3-2) unstable; urgency=high
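Review bot: the trailer of the 4:16.04.3-3~ stanza still reads Sat, 03 Dec 2016, and the stanza is UNRELEASED with urgency=medium, although the new entry is a CVE fix that closes #864803 and the previous upload (4:16.04.3-2) used urgency=high. Before upload, refresh the trailer date, set the target distribution, and consider raising the urgency to match the previous upload so the fix is not delayed in migration.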
diff --git a/debian/patches/fix-CVE-2017-9604.patch b/debian/patches/fix-CVE-2017-9604.patch
new file mode 100644
index 0000000..326a2ea
--- /dev/null
+++ b/debian/patches/fix-CVE-2017-9604.patch
@@ -0,0 +1,26 @@
+From c54706e990bbd6498e7b1597ec7900bc809e8197 Mon Sep 17 00:00:00 2001
+From: Montel Laurent <montel at kde.org>
+Date: Fri, 2 Jun 2017 13:56:41 +0200
+Subject: Make sure to sign/encrypt message when we send later
+
+(cherry picked from commit 4048f5e46d0a7d62d93d74fd2861dd70fb2ad660)
+---
+ messagecomposer/src/composer/composerviewbase.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/messagecomposer/src/composer/composerviewbase.cpp b/messagecomposer/src/composer/composerviewbase.cpp
+index d44b8b2..672ea1e 100644
+--- a/messagecomposer/src/composer/composerviewbase.cpp
++++ b/messagecomposer/src/composer/composerviewbase.cpp
+@@ -468,7 +468,7 @@ void MessageComposer::ComposerViewBase::slotEmailAddressResolved(KJob *job)
+     // if so, we create a composer per format
+     // if we aren't signing or encrypting, this just returns a single empty message
+     bool wasCanceled = false;
+-    if (m_neverEncrypt && mSaveIn != MessageComposer::MessageSender::SaveInNone) {
++    if (m_neverEncrypt && mSaveIn != MessageComposer::MessageSender::SaveInNone && !mSendLaterInfo) {
+         MessageComposer::Composer *composer = new MessageComposer::Composer;
+         composer->setNoCrypto(true);
+         m_composers.append(composer);
+-- 
+cgit v0.11.2
+
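Review bot: in the changed `if` in slotEmailAddressResolved, the new `!mSendLaterInfo` term is the only thing keeping a send-later message out of the `composer->setNoCrypto(true)` branch, and neither of the two comments above the condition says so. Suggest a short comment above the `if` stating that send-later messages must still go through the sign/encrypt composers even when mSaveIn is not SaveInNone, so a later rewrite of this condition does not silently reintroduce CVE-2017-9604. The patch header names only the cherry-picked upstream commit; adding a reference to the Debian bug the changelog closes (#864803) would make the patch traceable without opening the changelog.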
diff --git a/debian/patches/series b/debian/patches/series
index 6e14fca..3ec5765 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 upstream_add_copying_files.patch
 make-it-impossible-to-override-css-settings-from-a-h.patch
+fix-CVE-2017-9604.patch

-- 
messagelib packaging


