File _patchinfo of Package patchinfo.3145

<patchinfo incident="3145">
  <issue id="CVE-2014-8483" tracker="cve" />
  <issue id="902670" tracker="bnc" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>sumski</packager>
  <description>
konversation was updated to version 1.5.1, fixing bugs and one
security issue.

Changes:
* Konversation 1.5.1 is a maintenance release containing only bug
  fixes. The included changes address several minor behavioral
  defects and a low-risk DoS security defect in the Blowfish
  ECB support. The KDE Platform version dependency has increased
  to v4.9.0 to gain access to newer Qt socket transport
  security flags.
* Fixed a bug causing wildcards in command alias replacement
  patterns not to be expanded.
* Fixed a bug causing auto-joining of channels not starting
  in # or &amp; to sometimes fail because the auto-join command
  was generated before we got the CHANTYPES pronouncement
  by the server.
* Added a size sanity check for incoming Blowfish ECB blocks.
  The blind assumption that incoming blocks are the expected
  12 bytes could lead to a crash or an information leak of up
  to 11 bytes due to an out-of-bounds read (CVE-2014-8483).
* Enabling SSL/TLS support for connections will now advertise
  the protocols Qt considers secure by default, instead of
  being hardcoded to TLSv1.
* Fixed the bundled 'sysinfo' script not coping with empty
  lines in /etc/os-release.
* Made disk space info in the bundled 'sysinfo' script more
  robust by forcing the C locale for 'df'.
* Added an audio player type hint for Cantata to the bundled
  'media' script.
* Fixed some minor comparison logic errors turned up by
  static analysis.
* Konversation now depends on KDE Platform v4.9.0 or higher.
</description>
  <summary>konversation: security and bugfix release to 1.5.1</summary>
</patchinfo>