[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    SECURITY: Konqueror SSL Vulnerability
From:       Waldo Bastian <bastian () kde ! org>
Date:       2002-08-12 17:22:55
[Download RAW message or body]

Konqueror (kssl to be precisely) fails to detect certificates as invalid that 
have been signed by an issuer who is not allowed to do so. A patch for this 
problem has been commited to both the CVS HEAD branch and the KDE_3_0_BRANCH.

KDE packages for the upcoming KDE 3.0.3 release will be updated to include 
this fix. We hope to have binary packages for KDE 3.0.3 available by the 
start of next week.

Thanks go to Mike Benham and Gregory Steuck for alerting us to the problem.

See also:
http://online.securityfocus.com/archive/1/286895/2002-08-08/2002-08-14/1
http://slashdot.org/article.pl?sid=02/08/12/1341239
http://www.theregister.co.uk/content/4/26620.html

Cheers,
Waldo
-- 
bastian@kde.org  |   SuSE Labs KDE Developer  |  bastian@suse.com


>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]