openSUSE-SU-2017:3099-1: moderate: Security update for konversation
openSUSE Security Update: Security update for konversation
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:3099-1
Rating:             moderate
References:         #1068097
Cross-References:   CVE-2017-15923
Affected Products:  openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for konversation fixes the following issues:

Security issue fixed:

- CVE-2017-15923: Fixed a crash in parsing IRC color formatting codes
  (boo#1068097).

Bug fixes:

- Update to version 1.7.4:
  * Fixed a bug causing the size of a custom chat text view font set via
    the configuration dialog to be ignored. A font size modification done
    via the Enlarge/Decrease Font Size actions is now applied on top of the
    configured size (or the system default font size, respectively).
- Update to 1.7.3:
  * Added a copy action to the context menu of nicknames in the chat text
    view.
  * Re-enabled channel mode buttons.
  * Reduced emission of Unicode directional control characters in the chat
    text view. Unnecessary control characters could sometimes cause problems
    with copying text from Konversation and pasting it into terminal
    applications, confusing them.
  * Fixed handling of nick and channel prefix characters potentially using
    the same set of symbols.
  * Removed redundant escaping of angle brackets in GECOS ("realname")
    field.
  * The nickname combobox will no longer change the nickname to the current
    value whenever it loses focus.
  * Fixed color scheme handling in the treelist version on the tab bar,
    fixing an issue where the background and text color of the selected
    item would sometimes be the same, rendering the item unreadable.
  * Fixed handling of IRC URLs for channels starting with more than one #,
    addressing a percent-encoding problem with bookmarks of them.
  * Fixed custom chat text view font family reverting to system default
    font family upon using the increase/decrease font size actions.
  * Fixed chat text view font size adjusted via the increase/decrease font
    size actions reverting to configuration default when OK'ing the config
    dialog.
  * Fixed incorrect checkbox states in the Channel Invite dialog.
  * Fixed a crash in IRC v3 extended-join parsing.
  * Fixed a crash in parsing IRC color formatting codes.
  * Fixed a minor memory leak in the Join Channel dialog code.
  * Removed unnecessary nickname list debug message sent as warning.
- Trim description from redundant phrasing, and ensure neutrality.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

    zypper in -t patch openSUSE-2017-1306=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.3 (i586 x86_64):

    konversation-1.7.4-3.1
    konversation-debuginfo-1.7.4-3.1
    konversation-debugsource-1.7.4-3.1

- openSUSE Leap 42.3 (noarch):

    konversation-lang-1.7.4-3.1

References:

  https://www.suse.com/security/cve/CVE-2017-15923.html
  https://bugzilla.suse.com/1068097
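
To confirm that a host has picked up the update, the installed version-release can be compared against the 1.7.4-3.1 given in the package list. The script below is an added example, not part of the original announcement; the function names are hypothetical, and it assumes GNU "sort -V" as an approximation of RPM's version ordering (the two agree for plain numeric versions such as these).

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="1.7.4-3.1"

# Return 0 if version-release $1 is at or above $FIXED.
# Assumption: GNU sort -V stands in for RPM's own comparison. A plain
# string comparison would wrongly rank 1.7.10 below 1.7.4.
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Classify one package. $1 is the package name, $2 the installed
# version-release (empty if the package is not installed).
check_pkg() {
    if [ -z "$2" ]; then
        echo "$1 not-installed"
    elif is_fixed "$2"; then
        echo "$1 fixed"
    else
        echo "$1 below-fixed($2)"
    fi
}

# Query the local RPM database for the non-debug packages named in the
# advisory. rpm exits non-zero when a package is absent, so the version
# is reset to empty in that case.
audit_host() {
    for pkg in konversation konversation-lang; do
        ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null) || ver=""
        check_pkg "$pkg" "$ver"
    done
}
```

Source the file and call audit_host on an openSUSE Leap 42.3 host; any line reporting "below-fixed" means the patch has not been applied to that package.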