KDE Project Security Advisory: Kopete: XMPP User Impersonation Vulnerability

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

KDE Project Security Advisory: Kopete: XMPP User Impersonation Vulnerability

Albert Astals Cid-3
KDE Project Security Advisory
=============================

Title:          Kopete: XMPP User Impersonation Vulnerability
Risk Rating:    Important
CVE:            CVE-2017-5593
Versions:       kopete >= 16.11.80
Date:           14 February 2017

Overview
========

Kopete includes libiris code that is vulnerable to CVE-2017-5593.

You can find the description of CVE-2017-5593 at
http://seclists.org/oss-sec/2017/q1/373


Solution
========

Update to Kopete >= 16.12.3 (when released)

Or apply the following patch:
https://commits.kde.org/kopete/6243764c4fd0985320d4a10b48051cc418d584ad

Credits
=======

Thanks to Pali Rohár for patching Kopete's copy of libiris code.