[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: CVE Request: KDE screensaver unlock issue
From:       Jeff Mitchell <mitchell () kde ! org>
Date:       2010-02-12 19:38:45
Message-ID: 4B75AE45.5050606 () kde ! org
[Download RAW message or body]


On 2/12/2010 1:18 PM, Jeff Mitchell wrote:
> Sorry it's not in the same thread, as I wasn't subscribed to this list
> at the time.
> 
> I can verify that only KDE SC 4.4.0 is affected. Released versions of
> 4.3 are *not* affected by this bug.
> 
> I have committed a patch to the KDE SVN server as revision 1089213. See
> https://bugs.kde.org/show_bug.cgi?id=217882#c16
> 
> Although this solved the problem for me locally, I'm in the process of
> having other testers verify that they can no longer reproduce the
> problem with this patch, and will report back once this is verified.

Gentoo and Fedora distribution maintainers have also tested this patch
and verified that it works. The patch against 4.4.0 can easily be
obtained from here: http://websvn.kde.org/?view=revision&revision=1089241

As this is now backported to the 4.4 branch, it is expected that 4.4.0
will be the only release affected by this vulnerability.

Thanks,
Jeff




["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic