[Pkg-kde-talk] Re: [Secure-testing-team] kdelibs 3.3.2-4 not vulnerable to CAN-2005-0396

Micah Anderson micah@riseup.net
Thu, 17 Mar 2005 23:12:52 -0600


Thanks for letting us know... It doesn't show up in
http://newraff.debian.org/~joeyh/testing-security.html because the CAN
is still "reserved" because the people that have reserved it have not
released it yet. However, we have noted in our files that kdelibs
3.3.2-4 contains this fix, and as long as this makes it into testing,
then things should be fine.

Micah


On Thu, 17 Mar 2005, Adeodato Sim=F3 wrote:

> Hello,
>=20
>   I just wanted to inform the Testing Security Team that kdelibs 3.3.2-=
4
>   as uploaded to unstable on Mar 14th is not vulnerable to CAN-2005-039=
6,
>   Local DCOP denial of service vulnerability [1], despite this not bein=
g
>   mentioned in the changelog. A proper patch was included in the packag=
e.
>=20
>     [1] http://www.kde.org/info/security/advisory-20050316-1.txt
>=20
> --=20
> Adeodato Sim=F3
>     EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
> =20
> Loan-department manager:  "There isn't any fine print.  At these
> interest rates, we don't need it."
>=20
>=20
> _______________________________________________
> Secure-testing-team mailing list
> Secure-testing-team@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team