Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201014084428.GB10073@f195.suse.de>
Date: Wed, 14 Oct 2020 10:44:28 +0200
From: Matthias Gerstner <mgerstner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: kdeconnect: CVE-2020-26164: multiple security
 issues in kdeconnectd network daemon

On Tue, Oct 13, 2020 at 03:28:19PM +0200, Solar Designer wrote:
> Will kdeconnectd no longer be active by default in openSUSE?  I hope so.

This is our aim as security team. We are currently still discussing with
the community how to achieve a good solution that removes the attack
surface by default but enables interested users to easily access the
application.

> Merely fixing the known issues doesn't address the fact that this poses
> unjustified risk for most people.

Well put. Exactly my thinking.

Cheers

Matthias

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.