[Secure-testing-team] kdelibs 3.3.2-4 not vulnerable to CAN-2005-0396
Micah Anderson
micah at riseup.net
Fri Mar 18 05:12:52 UTC 2005
Thanks for letting us know... It doesn't show up in
http://newraff.debian.org/~joeyh/testing-security.html because the CAN
is still "reserved" because the people that have reserved it have not
released it yet. However, we have noted in our files that kdelibs
3.3.2-4 contains this fix, and as long as this makes it into testing,
then things should be fine.
Micah
On Thu, 17 Mar 2005, Adeodato Simó wrote:
> Hello,
>
> I just wanted to inform the Testing Security Team that kdelibs 3.3.2-4
> as uploaded to unstable on Mar 14th is not vulnerable to CAN-2005-0396,
> Local DCOP denial of service vulnerability [1], despite this not being
> mentioned in the changelog. A proper patch was included in the package.
>
> [1] http://www.kde.org/info/security/advisory-20050316-1.txt
>
> --
> Adeodato Simó
> EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
>
> Loan-department manager: "There isn't any fine print. At these
> interest rates, we don't need it."
>
>
> _______________________________________________
> Secure-testing-team mailing list
> Secure-testing-team at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
More information about the Secure-testing-team
mailing list