[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: SECURITY: Konqueror SSL Vulnerability
From: Waldo Bastian <bastian () kde ! org>
Date: 2002-08-12 18:31:46
[Download RAW message or body]
On Monday 12 August 2002 10:57 am, dep wrote:
> begin Waldo Bastian's quote:
> | Konqueror (kssl to be precisely) fails to detect certificates as
> | invalid that have been signed by an issuer who is not allowed to do
> | so. A patch for this problem has been commited to both the CVS HEAD
> | branch and the KDE_3_0_BRANCH.
>
> question: is it known when this vulnerability was introduced? if it
> was before kde-3.x, will there be patches made available for earlier
> versions?
I'm busy with a patch for KDE 2.2.x.
Versions prior to that didn't have certificate checking at all I believe, so
there is little point in fixing those.
Basically all versions of KDE are affected.
Cheers,
Waldo
--
bastian@kde.org | SuSE Labs KDE Developer | bastian@suse.com
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic