Date: Mon, 23 Jun 2014 00:03:07 +0100 From: Nick Boyce <nick.boyce@...il.com> To: oss-security@...ts.openwall.com Cc: Richard Moore <rich@....org>, David Faure <faure@....org> Subject: Re: KMail/KIO POP3 SSL MITM Flaw On 22 June 2014 22:58, David Faure <faure@....org> wrote: >> > I'm not sure whether to interpret the 'Versions' line in the advisory >> > as "bug was introduced at kdelibs 4.10.95" > > Yes, this is what > "Versions: kdelibs 4.10.95 to 4.13.2" > means. Thanks - it might possibly have been "these are the versions we are supporting with a fix" instead. >> There is an IBM ISS report  which implies the bug affects at least >> kdelibs 4.6.x .... > > No idea where they got that from.... I cannot confirm this. Your clarification and that correction are much appreciated. Thanks for taking the time. Cheers Nick
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ