[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: [kde-announce] KDE Project Security Advisory: kwallet: Fix CBC encryption handling
From:       Valentin Rusu <kde () rusu ! info>
Date:       2015-01-10 22:47:46
Message-ID: 20150110224746.GA4515 () sisif ! lan
[Download RAW message or body]

On 10/01/15 23:30:58, Luc Menut wrote:
> Hello,
> 
> Le 10/01/2015 17:27, Albert Astals Cid a écrit :
> >KDE Project Security Advisory
> >=============================
> >
> >Title:          Fix kwalletd CBC encryption handling
> >Risk Rating:    Low
> >CVE:            CVE-2013-7252
> >Platforms:      All
> >Versions:       kwalletd < Applications 14.12.1, KF5::KWallet < 5.6.0
> >Author:         Valentin Rusu <kde@rusu.info>
> >Date:           9 January 2015
> >
> 
> ...
> 
> >
> >Solution
> >========
> >
> >For kde-runtime KWallet upgrade to KDE Applications 14.12.1 or apply the
> >following patch:
> >   http://quickgit.kde.org/?p=kde-runtime.git&a=commit&h=14a8232d0b5b1bc5e0ad922292c6b5a1c501165c
> 
> I see this patch in master and KDE/4.12, but not in KDE/4.13, KDE/4.14 and
> Applications/14.12.
> Is it not needed for these 3 branches (KDE/4.13, KDE/4.14 and
> Applications/14.12), fixed in another way ???

Not being sure that there'll be a new KDE/4.14 release, I cherry-picked this fix to that branch too.

Regards,
Valentin


>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]