[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: SECURITY: Konqueror SSL Vulnerability
From:       Hetz Ben Hamo <hetz () kde ! org>
Date:       2002-08-12 18:03:18
[Download RAW message or body]

Can you please post the patch please? (if it's not too big) as this could help 
for the various distributions to re-release 3.0.2 packages with this patch 
until 3.0.3 arrives.

Hetz

On Monday 12 August 2002 20:22, Waldo Bastian wrote:
> Konqueror (kssl to be precisely) fails to detect certificates as invalid
> that have been signed by an issuer who is not allowed to do so. A patch for
> this problem has been commited to both the CVS HEAD branch and the
> KDE_3_0_BRANCH.
>
> KDE packages for the upcoming KDE 3.0.3 release will be updated to include
> this fix. We hope to have binary packages for KDE 3.0.3 available by the
> start of next week.
>
> Thanks go to Mike Benham and Gregory Steuck for alerting us to the problem.
>
> See also:
> http://online.securityfocus.com/archive/1/286895/2002-08-08/2002-08-14/1
> http://slashdot.org/article.pl?sid=02/08/12/1341239
> http://www.theregister.co.uk/content/4/26620.html
>
> Cheers,
> Waldo


>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]