| IrcsomeBot1 | <tsimonq2> Debian bug 908168. I haven't filed an Ubuntu bug yet. | 00:00 |
|---|---|---|
| ubottu | Debian bug 908168 in src:okular "okular: CVE-2018-1000801" [Important,Open] http://bugs.debian.org/908168 | 00:00 |
| IrcsomeBot1 | <tsimonq2> The POC is in the KDE bug: https://bugs.kde.org/show_bug.cgi?id=398096 … Please use that when testing. If someone is around within the next few hours, you can test which versions are affected or not. | 00:03 |
| ubottu | KDE bug 398096 in general "Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation" [Major,Resolved: fixed] | 00:03 |
| IrcsomeBot1 | * tsimonq2 goes AFK for two hours. | 00:04 |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kitinerary build #119: STILL FAILING in 14 min: https://kci.pangea.pub/job/bionic_unstable_kitinerary/119/ | 00:09 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_cantor build #188: STILL FAILING in 33 sec: https://kci.pangea.pub/job/bionic_unstable_cantor/188/ | 00:10 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_stable_kamoso build #79: STILL UNSTABLE in 44 min: https://kci.pangea.pub/job/cosmic_stable_kamoso/79/ | 00:10 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_stable_kbounce build #65: STILL UNSTABLE in 24 min: https://kci.pangea.pub/job/cosmic_stable_kbounce/65/ | 00:10 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_stable_plasma-browser-integration build #98: STILL UNSTABLE in 16 min: https://kci.pangea.pub/job/bionic_stable_plasma-browser-integration/98/ | 00:11 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kitinerary build #74: STILL FAILING in 23 min: https://kci.pangea.pub/job/cosmic_unstable_kitinerary/74/ | 00:17 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_peruse build #135: STILL UNSTABLE in 53 min: https://kci.pangea.pub/job/bionic_unstable_peruse/135/ | 00:20 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kio-extras build #202: STILL UNSTABLE in 34 min: https://kci.pangea.pub/job/bionic_unstable_kio-extras/202/ | 00:20 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kio-extras build #97: STILL UNSTABLE in 1 hr 14 min: https://kci.pangea.pub/job/cosmic_unstable_kio-extras/97/ | 00:20 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_rocs build #69: STILL UNSTABLE in 1 hr 14 min: https://kci.pangea.pub/job/cosmic_unstable_rocs/69/ | 00:20 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_ark build #237: STILL UNSTABLE in 47 min: https://kci.pangea.pub/job/bionic_unstable_ark/237/ | 00:20 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_ark build #96: STILL UNSTABLE in 1 hr 15 min: https://kci.pangea.pub/job/cosmic_unstable_ark/96/ | 00:20 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_plasma-mycroft build #86: STILL UNSTABLE in 54 min: https://kci.pangea.pub/job/cosmic_unstable_plasma-mycroft/86/ | 00:20 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kalzium build #72: STILL UNSTABLE in 1 hr 15 min: https://kci.pangea.pub/job/cosmic_unstable_kalzium/72/ | 00:20 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kdeconnect-kde build #95: STILL UNSTABLE in 1 hr 15 min: https://kci.pangea.pub/job/cosmic_unstable_kdeconnect-kde/95/ | 00:20 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_stable_kitinerary build #11: STILL UNSTABLE in 46 min: https://kci.pangea.pub/job/bionic_stable_kitinerary/11/ | 00:41 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_peruse build #46: STILL UNSTABLE in 1 hr 0 min: https://kci.pangea.pub/job/cosmic_unstable_peruse/46/ | 00:45 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_plasma-browser-integration build #222: STILL UNSTABLE in 50 min: https://kci.pangea.pub/job/bionic_unstable_plasma-browser-integration/222/ | 00:45 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_amarok build #63: STILL UNSTABLE in 1 hr 40 min: https://kci.pangea.pub/job/cosmic_unstable_amarok/63/ | 00:45 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kamoso build #197: STILL UNSTABLE in 35 min: https://kci.pangea.pub/job/bionic_unstable_kamoso/197/ | 00:46 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_discover build #255: STILL FAILING in 50 min: https://kci.pangea.pub/job/bionic_unstable_discover/255/ | 00:46 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_amarok build #186: STILL UNSTABLE in 1 hr 40 min: https://kci.pangea.pub/job/bionic_unstable_amarok/186/ | 00:46 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_discover build #110: STILL FAILING in 51 min: https://kci.pangea.pub/job/cosmic_unstable_discover/110/ | 00:46 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_plasma-mycroft build #187: STILL UNSTABLE in 1 hr 0 min: https://kci.pangea.pub/job/bionic_unstable_plasma-mycroft/187/ | 00:46 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kdeconnect-kde build #244: STILL UNSTABLE in 1 hr 0 min: https://kci.pangea.pub/job/bionic_unstable_kdeconnect-kde/244/ | 00:46 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_k3b build #98: STILL UNSTABLE in 52 min: https://kci.pangea.pub/job/cosmic_unstable_k3b/98/ | 00:46 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_libqapt build #117: FAILURE in 4 min 45 sec: https://kci.pangea.pub/job/bionic_unstable_libqapt/117/ | 00:51 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_labplot build #205: STILL UNSTABLE in 1 hr 14 min: https://kci.pangea.pub/job/bionic_unstable_labplot/205/ | 00:59 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_labplot build #98: STILL UNSTABLE in 1 hr 14 min: https://kci.pangea.pub/job/cosmic_unstable_labplot/98/ | 00:59 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_marble build #46: STILL UNSTABLE in 1 hr 4 min: https://kci.pangea.pub/job/cosmic_unstable_marble/46/ | 01:00 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_stable_kdepim-runtime build #34: STILL FAILING in 3 min 51 sec: https://kci.pangea.pub/job/cosmic_stable_kdepim-runtime/34/ | 01:02 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_plasma-workspace build #262: STILL FAILING in 24 min: https://kci.pangea.pub/job/bionic_unstable_plasma-workspace/262/ | 01:10 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kphotoalbum build #185: STILL UNSTABLE in 22 min: https://kci.pangea.pub/job/bionic_unstable_kphotoalbum/185/ | 01:21 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_akonadi build #77: STILL FAILING in 1 hr 1 min: https://kci.pangea.pub/job/cosmic_unstable_akonadi/77/ | 01:22 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_syntax-highlighting build #88: STILL UNSTABLE in 22 min: https://kci.pangea.pub/job/cosmic_unstable_syntax-highlighting/88/ | 02:06 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_breeze build #203: STILL UNSTABLE in 21 min: https://kci.pangea.pub/job/bionic_unstable_breeze/203/ | 02:17 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_baloo build #135: STILL UNSTABLE in 22 min: https://kci.pangea.pub/job/bionic_unstable_baloo/135/ | 02:17 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_baloo build #70: STILL UNSTABLE in 34 min: https://kci.pangea.pub/job/cosmic_unstable_baloo/70/ | 02:17 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_phonon build #34: STILL UNSTABLE in 17 min: https://kci.pangea.pub/job/cosmic_unstable_phonon/34/ | 03:05 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_syntax-highlighting build #188: STILL UNSTABLE in 21 min: https://kci.pangea.pub/job/bionic_unstable_syntax-highlighting/188/ | 03:55 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kwindowsystem build #58: STILL UNSTABLE in 19 min: https://kci.pangea.pub/job/cosmic_unstable_kwindowsystem/58/ | 04:04 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_stable_pim-data-exporter build #63: STILL FAILING in 2 min 43 sec: https://kci.pangea.pub/job/cosmic_stable_pim-data-exporter/63/ | 04:24 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_messagelib build #61: STILL FAILING in 26 min: https://kci.pangea.pub/job/cosmic_unstable_messagelib/61/ | 05:16 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_stable_akonadi-contacts build #154: STILL UNSTABLE in 16 min: https://kci.pangea.pub/job/bionic_stable_akonadi-contacts/154/ | 05:23 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kwindowsystem build #191: STILL UNSTABLE in 22 min: https://kci.pangea.pub/job/bionic_unstable_kwindowsystem/191/ | 06:48 | |
| -kubuntu-ci:#kubuntu-devel- Project mgmt_tooling build #211: STILL FAILING in 4 min 46 sec: https://kci.pangea.pub/job/mgmt_tooling/211/ | 07:21 | |
| -kubuntu-ci:#kubuntu-devel- Failed tests: | 07:21 | |
| -kubuntu-ci:#kubuntu-devel- PangeaDPutTest.test_run: https://kci.pangea.pub/job/mgmt_tooling/211/testReport/junit/junit/(root)/PangeaDPutTest/test_run | 07:21 | |
| -kubuntu-ci:#kubuntu-devel- KCIBuilderTest.test_puts_log: https://kci.pangea.pub/job/mgmt_tooling/211/testReport/junit/junit/(root)/KCIBuilderTest/test_puts_log | 07:21 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_akonadi-contacts build #43: STILL UNSTABLE in 19 min: https://kci.pangea.pub/job/cosmic_unstable_akonadi-contacts/43/ | 08:04 | |
| -kubuntu-ci:#kubuntu-devel- Project xenial_stable_plasma-desktop build #180: STILL FAILING in 33 sec: https://kci.pangea.pub/job/xenial_stable_plasma-desktop/180/ | 08:19 | |
| -kubuntu-ci:#kubuntu-devel- Project xenial_unstable_plasma-desktop build #369: STILL FAILING in 1 min 11 sec: https://kci.pangea.pub/job/xenial_unstable_plasma-desktop/369/ | 08:20 | |
| -kubuntu-ci:#kubuntu-devel- Project xenial_stable_discover build #179: STILL FAILING in 34 sec: https://kci.pangea.pub/job/xenial_stable_discover/179/ | 09:57 | |
| -kubuntu-ci:#kubuntu-devel- Project xenial_unstable_discover build #389: STILL FAILING in 34 sec: https://kci.pangea.pub/job/xenial_unstable_discover/389/ | 09:57 | |
| BluesKaj | Howdy folks | 10:06 |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_discover build #256: STILL FAILING in 37 min: https://kci.pangea.pub/job/bionic_unstable_discover/256/ | 10:34 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_discover build #111: STILL FAILING in 44 min: https://kci.pangea.pub/job/cosmic_unstable_discover/111/ | 10:41 | |
| -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » linode-01 build #2470: SUCCESS in 1 min 16 sec: https://kci.pangea.pub/job/mgmt_docker/label=linode-01/2470/ | 11:49 | |
| -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » master build #2470: SUCCESS in 1 min 20 sec: https://kci.pangea.pub/job/mgmt_docker/label=master/2470/ | 11:49 | |
| -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » swy-01 build #2470: SUCCESS in 4 min 24 sec: https://kci.pangea.pub/job/mgmt_docker/label=swy-01/2470/ | 11:52 | |
| -kubuntu-ci:#kubuntu-devel- Starting build #185 for job mgmt_pause_integration (previous build: ABORTED) | 12:14 | |
| -kubuntu-ci:#kubuntu-devel- Project mgmt_pause_integration build #185: ABORTED in 1 min 8 sec: https://kci.pangea.pub/job/mgmt_pause_integration/185/ | 12:15 | |
| === himcesjf_ is now known as him-cesjf | ||
| -kubuntu-ci:#kubuntu-devel- Starting build #186 for job mgmt_pause_integration (previous build: ABORTED) | 12:58 | |
| mparillo | I saw a call for testers for a CVE against Okular? | 13:10 |
| BluesKaj | 'Morning mparillo, ...CVE? | 13:13 |
| mparillo | Good morning BluesKaj. https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures The way I understand it Okular can (with a malicious file) open arbitrary files outside the intended directory. | 13:17 |
| mparillo | https://bugs.kde.org/show_bug.cgi?id=398096 | 13:17 |
| ubottu | KDE bug 398096 in general "Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation" [Major,Resolved: fixed] | 13:17 |
| BluesKaj | ahh, ok | 13:18 |
| mparillo | The way I read it, it is fixed in 18.08.1. The package in CC is 18.04.3 (But Help About shows version 1.4.3). | 13:24 |
| IrcsomeBot1 | <tsimonq2> mparillo: Please do test the POC on as many releases as you can :) | 13:25 |
| IrcsomeBot1 | <tsimonq2> wxl: If you still have 14.04 systems, testing would be appreciated ^ | 13:26 |
| mparillo | In a CC VM, I cannot even open the file attached to kde bug 398096. I get Could not open file://home/mparillo/Downloads/pocFileCreation.okular Am I doing something wrong? | 14:02 |
| ubottu | KDE bug 398096 in general "Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation" [Major,Resolved: fixed] http://bugs.kde.org/show_bug.cgi?id=398096 | 14:02 |
| mparillo | Also, if I read the bug report, this is only an issue if you run okular as root. I cannot even su - on Kubuntu (maybe I never could, but this is the first time I ever tried on Kubuntu). | 14:05 |
| mparillo | I should have guessed. sudo su - works. | 14:05 |
| IrcsomeBot1 | <acheronuk> won't open here either | 14:08 |
| mparillo | OK, on CC, if I sudo su - then run okular from the command line as root (what kind of idiot does that?), then I can open the file and I see the Hello World in the PDF. But I do not see the payloadXXXXXX.pdf in /root | 14:12 |
| acheronuk | mparillo: if you are some numpty pretending to be a hacker with kali? | 14:13 |
| IrcsomeBot1 | <Santa> lol @ "I have contacts in neon" | 14:14 |
| mparillo | I am enough of a newbie to have never in my life (until today) sudo su - in Kubuntu. | 14:14 |
| IrcsomeBot1 | <acheronuk> @Santa, given that the 2 main neon devs are in this channel on IRC..... ;) | 14:16 |
| IrcsomeBot1 | <Santa> we have contacts in neon then :) | 14:17 |
| IrcsomeBot1 | <Santa> btw I'm inspecting the libkcddb... | 14:17 |
| IrcsomeBot1 | <Santa> @acheronuk ok, I think the last thing I'm going to try is to set the XDG env var, if that doesn't work I see no other option than disabling the failing network tests | 14:19 |
| IrcsomeBot1 | <tsimonq2> @acheronuk, I slightly overstated it but still :) | 14:20 |
| IrcsomeBot1 | <Santa> XD | 14:20 |
| IrcsomeBot1 | <acheronuk> @Santa, sounds like tellico. after multiple tries, doko reached a ubuntu5 in the end nuking all the networks tests! | 14:22 |
| IrcsomeBot1 | <Santa> I think we also have a similar case in a fw package | 14:23 |
| IrcsomeBot1 | <Santa> iirc I had to void a "ktcpsockettest" or something like that | 14:23 |
| mparillo | acheronuk: tsimonq2: Same behaviour on 18.04. Okular could not even open the proof-of-concept file from dolphin running as mparillo (Maybe some of the hate against disallowing running dolphin as root was unwarranted). | 14:31 |
| mparillo | When I open a konsole, and sudo su - and then okular, I can open the file and see the Hello World, but nothing is written to /root. | 14:32 |
| === himcesjf_ is now known as him-cesjf | ||
| mparillo | Whoops. It is more complicated that that. Actually, payloadXXXXX.pdf is written to /root. It is just cleaned up when root exits okular. I did not notice it when I invoked okular from the command line because (1) It ties up the shell prompt and (2) I was not running dolphin as root. But if I open two tabs in konsole, and sudo su - in both, I can see that payload is actually written to /root while Okular is running. It is just | 14:42 |
| mparillo | cleaned up on exit. Sorry. Still, I think this is an edge case for the normal kubuntu user. | 14:42 |
| -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » linode-01 build #2471: SUCCESS in 55 sec: https://kci.pangea.pub/job/mgmt_docker/label=linode-01/2471/ | 14:45 | |
| -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » master build #2471: SUCCESS in 1 min 18 sec: https://kci.pangea.pub/job/mgmt_docker/label=master/2471/ | 14:46 | |
| -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » swy-01 build #2471: SUCCESS in 4 min 18 sec: https://kci.pangea.pub/job/mgmt_docker/label=swy-01/2471/ | 14:49 | |
| acheronuk | this does seem to be a fairly absurd CVE, but as long as we can verify the fix I guess we apply it and just ***shrug*** | 15:24 |
| -kubuntu-ci:#kubuntu-devel- Project mgmt_pause_integration build #186: ABORTED in 2 hr 27 min: https://kci.pangea.pub/job/mgmt_pause_integration/186/ | 15:26 | |
| mparillo | I say edge case; you say absurd. ;-) | 15:47 |
| wxl | @tsimonq2: i assume when you say you want the POC tested, you mean you want to see if the fix fixes it? | 16:49 |
| wxl | @HMollerCl please file a bug against lubuntu-artwork regarding that PulseAudio icon | 16:50 |
| acheronuk | wxl: HMollerCl isn't in here AFAIK | 16:53 |
| wxl | aw oops | 16:54 |
| * wxl drinks more tea, quicker | 16:54 | |
| -kubuntu-ci:#kubuntu-devel- Project merger_kexi build #486: STILL FAILING in 1 min 23 sec: https://kci.pangea.pub/job/merger_kexi/486/ | 23:02 | |
| -kubuntu-ci:#kubuntu-devel- Project mgmt_merger build #1183: STILL UNSTABLE in 3 min 36 sec: https://kci.pangea.pub/job/mgmt_merger/1183/ | 23:03 | |
| -kubuntu-ci:#kubuntu-devel- Project mgmt_progenitor build #1161: STILL UNSTABLE in 3 min 38 sec: https://kci.pangea.pub/job/mgmt_progenitor/1161/ | 23:03 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_krita build #247: STILL FAILING in 2 min 39 sec: https://kci.pangea.pub/job/bionic_unstable_krita/247/ | 23:07 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kwin build #105: STILL FAILING in 3 min 26 sec: https://kci.pangea.pub/job/cosmic_unstable_kwin/105/ | 23:08 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kitinerary build #120: STILL FAILING in 19 min: https://kci.pangea.pub/job/bionic_unstable_kitinerary/120/ | 23:24 | |
| -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_krita build #103: STILL FAILING in 21 min: https://kci.pangea.pub/job/cosmic_unstable_krita/103/ | 23:27 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_stable_kitinerary build #12: STILL UNSTABLE in 46 min: https://kci.pangea.pub/job/bionic_stable_kitinerary/12/ | 23:50 | |
| -kubuntu-ci:#kubuntu-devel- Project bionic_stable_krita build #172: STILL FAILING in 2 min 44 sec: https://kci.pangea.pub/job/bionic_stable_krita/172/ | 23:53 | |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!