<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <!-- Document header: advisory title, document type and issuing party. -->
  <DocumentTitle xml:lang="en">Security update for konversation</DocumentTitle>
  <DocumentType>SUSE Patch</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <!-- Tracking metadata. ID is the advisory identifier; the "E-Mail link"
       entry in DocumentReferences is described with the same identifier. -->
  <DocumentTracking>
    <Identification>
      <ID>openSUSE-SU-2017:3099-1</ID>
    </Identification>
    <!-- Status Final, Version 1 and a single Revision whose date equals both
         release dates: this copy records no later revision of the advisory. -->
    <Status>Final</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2017-11-25T19:57:15Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2017-11-25T19:57:15Z</InitialReleaseDate>
    <CurrentReleaseDate>2017-11-25T19:57:15Z</CurrentReleaseDate>
    <!-- NOTE(review): Generator/Date is earlier than the release dates above;
         presumably it identifies the version of the generating script rather
         than when this file was produced. Confirm before using it for any
         freshness check; the release dates are the safer field. -->
    <Generator>
      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
      <Date>2017-02-24T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for konversation</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This update for konversation fixes the following issues:

Security issue fixed:

- CVE-2017-15923: Fixed a crash in parsing IRC color formatting codes (boo#1068097).

Bug fixes:

- Update to version 1.7.4:
  * Fixed a bug causing the size of a custom chat text view font
    set via the configuration dialog to be ignored. A font size
    modification done via the Enlarge/Decrease Font Size actions
    is now applied on top of the configured size (or the system
    default font size, respectively).
- Update to 1.7.3:
  * Added a copy action to the context menu of nicknames in the
    chat text view.
  * Re-enabled channel mode buttons.
  * Reduced emission of Unicode directional control characters in
    the chat text view. Unnecessary control characters could
    sometimes cause problems with copying text from Konversation
    and pasting it into terminal applications, confusing them.
  * Fixed handling of nick and channel prefix characters
    potentially using the same set of symbols.
  * Removed redundant escaping of angle brackets in GECOS
    ('realname') field.
  * The nickname combobox will no longer change the nickname to
    the current value whenever it loses focus.
  * Fixed color scheme handling in the treelist version on the tab
    bar, fixing an issue where the background and text color of
    the selected item would sometimes be the same, rendering the
    item unreadable.
  * Fixed handling of IRC URLs for channels starting with more
    than one #, addressing a percent-encoding problem with
    bookmarks of them.
  * Fixed custom chat text view font family reverting to system
    default font family upon using the increase/decrease font size
    actions.
  * Fixed chat text view font size adjusted via the
    increase/decrease font size actions reverting to configuration
    default when OK'ing the config dialog.
  * Fixed incorrect checkbox states in the Channel Invite dialog.
  * Fixed a crash in IRC v3 extended-join parsing.
  * Fixed a crash in parsing IRC color formatting codes.
  * Fixed a minor memory leak in the Join Channel dialog code.
  * Removed unnecessary nickname list debug message sent as
    warning.
- Trim description from redundant phrasing, and ensure neutrality.
</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <!-- Licence statement covering redistribution of this document. -->
  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
  <!-- Both references are typed "Self". Only the first is specific to this
       advisory (its description carries the advisory ID); the second is a
       general page about the vendor's rating scale. A consumer looking for
       the canonical advisory URL should select by description or ID rather
       than taking every "Self" entry. -->
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://lists.opensuse.org/opensuse-updates/2017-11/msg00081.html</URL>
      <Description>E-Mail link for openSUSE-SU-2017:3099-1</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <!-- The default namespace changes to prod/1.1 on this element, so
         namespace-aware queries must use that URI for everything below. -->
    <!-- Product branch: the distribution release this advisory applies to. -->
    <Branch Type="Product Family" Name="openSUSE Leap 42.3">
      <Branch Type="Product Name" Name="openSUSE Leap 42.3">
        <FullProductName ProductID="openSUSE Leap 42.3">openSUSE Leap 42.3</FullProductName>
      </Branch>
    </Branch>
    <!-- Package branches: Name and ProductID are the package name followed by
         a version-release string (1.7.4-3.1). No architecture is given here. -->
    <Branch Type="Product Version" Name="konversation-1.7.4-3.1">
      <FullProductName ProductID="konversation-1.7.4-3.1">konversation-1.7.4-3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="konversation-lang-1.7.4-3.1">
      <FullProductName ProductID="konversation-lang-1.7.4-3.1">konversation-lang-1.7.4-3.1</FullProductName>
    </Branch>
    <!-- Relationships bind each package to the product. The composite
         ProductIDs they define ("product:package") are the values listed
         under ProductStatuses in the Vulnerability section. They contain
         spaces and a colon, so treat them as opaque strings and compare
         them exactly instead of splitting on a delimiter. -->
    <Relationship ProductReference="konversation-1.7.4-3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.3">
      <FullProductName ProductID="openSUSE Leap 42.3:konversation-1.7.4-3.1">konversation-1.7.4-3.1 as a component of openSUSE Leap 42.3</FullProductName>
    </Relationship>
    <Relationship ProductReference="konversation-lang-1.7.4-3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.3">
      <FullProductName ProductID="openSUSE Leap 42.3:konversation-lang-1.7.4-3.1">konversation-lang-1.7.4-3.1 as a component of openSUSE Leap 42.3</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <!-- Elements in this section are in the vuln/1.1 namespace declared on
         the enclosing Vulnerability element. -->
    <!-- The description gives the upstream affected range (1.4.x through
         1.7.x before 1.7.3) and the impact: a remotely triggerable crash
         (denial of service) in IRC color formatting code parsing. -->
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.</Note>
    </Notes>
    <CVE>CVE-2017-15923</CVE>
    <!-- Only a "Fixed" status is listed; this document names no affected
         package builds. To decide whether a host is exposed, compare the
         installed konversation version-release against the fixed
         1.7.4-3.1 build instead of looking for an "affected" entry. -->
    <!-- NOTE(review): konversation-lang is listed as fixed alongside the main
         package; presumably it is built from the same source and carries no
         parsing code itself. Confirm against the package contents. -->
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.3:konversation-1.7.4-3.1</ProductID>
        <ProductID>openSUSE Leap 42.3:konversation-lang-1.7.4-3.1</ProductID>
      </Status>
    </ProductStatuses>
    <!-- The impact is a free-text rating ("moderate"), not a numeric score,
         and this document contains no CVSS score set. Presumably the rating
         follows the vendor scale linked from DocumentReferences; take a CVSS
         value from another source if prioritisation needs one. -->
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-updates/2017-11/msg00081.html</URL>
      </Remediation>
    </Remediations>
    <!-- Vendor CVE page and vendor bug tracker entry. The bug number matches
         the boo#1068097 cited in the Details note. -->
    <!-- NOTE(review): unlike the entries in DocumentReferences, these carry
         no Type attribute; presumably the schema default applies. Confirm
         before filtering references by Type. -->
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-15923.html</URL>
        <Description>CVE-2017-15923</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1068097</URL>
        <Description>SUSE Bug 1068097</Description>
      </Reference>
    </References>
  </Vulnerability>
</cvrfdoc>
