From the changelog of 1.5.1: Added a size sanity check for incoming Blowfish ECB blocks. The blind assumption of incoming blocks being the expected 12 bytes could lead to a crash or up to 11 byte information leak due to an out-of-bounds read. This fixes CVE-2014-8483.
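An added example, not part of the bug thread and not Konversation's code: one way to apply the size check the changelog describes before any 12-byte block is read. The FiSH-style alphabet, the 12-characters-to-8-bytes layout and the names `decode_word` and `ecb_decode_blocks` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENC_BLOCK 12  /* encoded bytes per block, the size the changelog names */
#define RAW_BLOCK 8   /* Blowfish block size in bytes */

/* Assumed FiSH-style alphabet: 64 symbols carrying 6 bits each. */
static const char B64[] =
    "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

/* Decode six symbols into a 32-bit word; -1 if a byte is outside the alphabet. */
static int decode_word(const char *p, uint32_t *out)
{
    uint32_t w = 0;
    for (int i = 0; i < 6; i++) {
        const char *hit = p[i] ? strchr(B64, p[i]) : NULL;
        if (!hit) return -1;
        w |= (uint32_t)(hit - B64) << (6 * i);
    }
    *out = w;
    return 0;
}

/* Returns the number of raw bytes written to out, or -1 if input is rejected. */
long ecb_decode_blocks(const char *in, size_t len, uint8_t *out, size_t cap)
{
    /* The sanity check: a trailing partial block of 1..11 bytes would make
       the 12-byte read below run up to 11 bytes past the end of `in`. */
    if (len == 0 || len % ENC_BLOCK != 0) return -1;
    if (len / ENC_BLOCK > cap / RAW_BLOCK) return -1;  /* output too small */
    size_t n = 0;
    for (size_t off = 0; off < len; off += ENC_BLOCK) {
        uint32_t right, left;
        if (decode_word(in + off, &right) || decode_word(in + off + 6, &left)) return -1;
        for (int i = 0; i < 4; i++) out[n++] = (uint8_t)(left >> (24 - 8 * i));
        for (int i = 0; i < 4; i++) out[n++] = (uint8_t)(right >> (24 - 8 * i));
    }
    return (long)n;  /* these bytes would go to the Blowfish ECB decrypt next */
}

int main(void)
{
    uint8_t raw[16];  /* inputs below are constructed for this example */
    printf("full block:  %ld\n", ecb_decode_blocks("/...........", 12, raw, sizeof raw));
    printf("short block: %ld\n", ecb_decode_blocks("/....", 5, raw, sizeof raw));
    return 0;
}
```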
Renaming the ebuild for 1.5.1 is almost enough, but the sources no longer have the directory 'doc-translations', so something like this is necessary: --- a/konversation-1.5.1.ebuild +++ b/konversation-1.5.1.ebuild @@ -7,7 +7,7 @@ KDE_LINGUAS="bg bs ca ca@valencia cs da de el en_GB es et fi fr gl he hu it kk km lt nb nds nl pl pt pt_BR ru si sk sl sr sr@ijekavian sr@ijekavianlatin sr@latin sv tr uk zh_CN zh_TW" -KDE_DOC_DIRS="doc doc-translations/%lingua_${PN}" +KDE_DOC_DIRS="doc" KDE_HANDBOOK="optional" inherit kde4-base This works for me at least, though I can't say anything about the translations as I don't make use of them normally. Should there be a separate bug for the version bump, or will this one take care of it?
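Review bot: on the KDE_DOC_DIRS line, removing doc-translations/%lingua_${PN} leaves only doc while KDE_LINGUAS keeps its full language list and KDE_HANDBOOK stays "optional", so nothing in this hunk shows where translated handbooks would come from now. Before the bump, confirm against the 1.5.1 tarball that no translated docs ship under another path, and that every entry still in KDE_LINGUAS matches something the tarball provides; if the translated handbooks are simply gone upstream, say so in the ChangeLog entry so the behaviour change is recorded alongside the CVE-2014-8483 fix.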
Thanks, bumped in CVS. + 13 Nov 2014; Michael Palimaka <kensington@gentoo.org> + +konversation-1.5.1.ebuild: + Version bump wrt bug #528252. Fixes CVE-2014-8483. Arch teams, please test and stabilise net-irc/konversation-1.5.1. Target KEYWORDS="amd64 x86". Thanks!
amd64 stable
x86 stable. Maintainer(s), please clean up. Security, please vote.
Removed old.
GLSA vote: no
GLSA vote: no. Closing as [noglsa]