Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4B75AE45.5050606@kde.org>
Date: Fri, 12 Feb 2010 14:38:45 -0500
From: Jeff Mitchell <mitchell@....org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE Request: KDE screensaver unlock issue
 similar to GNOME one

On 2/12/2010 1:18 PM, Jeff Mitchell wrote:
> Sorry it's not in the same thread, as I wasn't subscribed to this list
> at the time.
> 
> I can verify that only KDE SC 4.4.0 is affected. Released versions of
> 4.3 are *not* affected by this bug.
> 
> I have committed a patch to the KDE SVN server as revision 1089213. See
> https://bugs.kde.org/show_bug.cgi?id=217882#c16
> 
> Although this solved the problem for me locally, I'm in the process of
> having other testers verify that they can no longer reproduce the
> problem with this patch, and will report back once this is verified.

Gentoo and Fedora distribution maintainers have also tested this patch
and verified that it works. The patch against 4.4.0 can easily be
obtained from here: http://websvn.kde.org/?view=revision&revision=1089241

As this is now backported to the 4.4 branch, it is expected that 4.4.0
will be the only release affected by this vulnerability.

Thanks,
Jeff




Download attachment "signature.asc" of type "application/pgp-signature" (197 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.