Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 23 Jun 2014 00:03:07 +0100
From: Nick Boyce <nick.boyce@...il.com>
To: oss-security@...ts.openwall.com
Cc: Richard Moore <rich@....org>, David Faure <faure@....org>
Subject: Re: KMail/KIO POP3 SSL MITM Flaw

On 22 June 2014 22:58, David Faure <faure@....org> wrote:

>> > I'm not sure whether to interpret the 'Versions' line in the advisory
>> > as "bug was introduced at kdelibs 4.10.95"
>
> Yes, this is what
> "Versions:       kdelibs 4.10.95 to 4.13.2"
> means.

Thanks - it might possibly have been "these are the versions we are
supporting with a fix" instead.

>> There is an IBM ISS report [3] which implies the bug affects at least
>> kdelibs 4.6.x ....
>
> No idea where they got that from.... I cannot confirm this.

Your clarification and that correction are much appreciated.  Thanks
for taking the time.

Cheers
Nick

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ