[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Security flaw in klock (fwd)
From:       Martin Jones <mjones () powerup ! com ! au>
Date:       1999-06-24 12:13:20
[Download RAW message or body]

Harri Porten wrote:
> 
> Martin Jones wrote:
> >
> > So if the timer is triggered while we are waiting for
> > kcheckpass to complete, the dialog is deleted.  When
> > kcheckpass completes, we continue on but the dialog has
> > been deleted from under us -> crash.
> >
> > This is easier to replicate if kcheckpassis slow on your
> > particular machine.  I can replicate this bug very easily
> > by adding a sleep(2) to kcheckpass.  I am applying this
> 
> Ahh. I was already trying to modify some timeouts to force the bug.
> 
> > patch to the 1.1 and head branches.
> 
> Thanks Martin. I think our "reaction time" was quite good. One hour ?
> 
> Would you like to formulate a response for BugTraq as well (after we
> have received confirmations that the bug is really fixed) ?

I've done this already.

-- 
Martin Jones
mjones@kde.org

[prev in list] [next in list] [prev in thread] [next in thread]