[Pkg-kde-extras] Bug#429209: CVE-2007-3154 information is misleading and wrong
Florian Weimer
fw at deneb.enyo.de
Wed Jun 27 09:49:45 UTC 2007
* Modestas Vainius:
> eGroupWare svn commit 23934 upgraded wz_tooltip.js from v3.25 to v3.45 so
> apparently the security problem was fixed between >3.25 and <=3.45. ktorrent
> had wz_tooltip.js v3.44 which I now believe was not affected by this bug
> since a fix/new feature in 3.45 is probably not related. Although I
> have "fixed" #429209 by upgrading to v3.45, now I believe this change was
> redundant (but I'm not going to revert it) and the bug was a false alarm.
In the meantime, I've asked the developer of wz_tooltip.js, and he
isn't aware of a security fix, either. In a next step, I'm going to
ask the person who supplied the bug information to egroupware.

To me, it begins to look like an error on egroupware's part; they have
invented a security bug where none existed.