Date: Sun, 22 Jun 2014 23:58:45 +0200
From: David Faure <faure@....org>
To: Richard Moore <rich@....org>
Cc: Nick Boyce <nick.boyce@...il.com>, oss-security@...ts.openwall.com
Subject: Re: KMail/KIO POP3 SSL MITM Flaw

On Sunday 22 June 2014 21:47:50 Richard Moore wrote:
> > I'm not sure whether to interpret the 'Versions' line in the advisory
> > as "bug was introduced at kdelibs 4.10.95"

Yes, this is what
"Versions:       kdelibs 4.10.95 to 4.13.2"
means.

The file usernotificationhandler.cpp was introduced in 4.10.95
(for the fix for bug 154100 and 265228)

Before that, SlaveInterface handled the messagebox request itself, with no 
need for a job pointer.

> There is an IBM ISS report [3] which implies the bug affects at least
> kdelibs 4.6.x ....

No idea where they got that from.... I cannot confirm this.

-- 
David Faure, faure@....org, http://www.davidfaure.fr
Working on KDE Frameworks 5
