
List:       oss-security
Subject:    Re: [oss-security] CVE Request -- kdebase4 (konqueror) -- Incomplete
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-05-21 22:13:12
Message-ID: Pine.GSO.4.51.0905211809370.18536 () faron ! mitre ! org


In CVE, we treat the inadvertent prevention of access to security
functionality as a bug.  There is no direct way that an external attacker
can trigger it, and the attacker gets no direct benefit by waiting for it
to happen passively.  It's only doable by a person doing this to
himself/herself.

So, this would not get a CVE.

- Steve



On Tue, 12 May 2009, Jan Lieskovsky wrote:

> Hello Steve,
>
>   not sure if original Debian bug [1] reporter meant this insufficiency,
> but [2] might be interesting for your attention. While this is not a
> direct security vulnerability, it is preventing users from using
> the functionality provided by digital certificates.
>
> References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526979
> [2] https://bugs.kde.org/show_bug.cgi?id=185288
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=500373
>
> This issue is present only in Konqueror web browser, as shipped
> with the K Desktop Environment 4 (kdebase-4.*). Konqueror in
> kdebase3 works fine.
>
> Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>
>