[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] KMail/KIO POP3 SSL MITM Flaw
From:       David Faure <faure () kde ! org>
Date:       2014-06-22 21:58:45
Message-ID: 8045295.6nhngL7M2C () asterix
[Download RAW message or body]

On Sunday 22 June 2014 21:47:50 Richard Moore wrote:
> > I'm not sure whether to interpret the 'Versions' line in the advisory
> > as "bug was introduced at kdelibs 4.10.95"

Yes, this is what
"Versions:       kdelibs 4.10.95 to 4.13.2"
means.

The file usernotificationhandler.cpp was introduced in 4.10.95
(for the fix for bug 154100 and 265228)

Before that, SlaveInterface handled the messagebox request itself, with no 
need for a job pointer.

> There is an IBM ISS report [3] which implies the bug affects at least
> kdelibs 4.6.x ....

No idea where they got that from.... I cannot confirm this.

-- 
David Faure, faure@kde.org, http://www.davidfaure.fr
Working on KDE Frameworks 5

[prev in list] [next in list] [prev in thread] [next in thread]