oss-sec mailing list archives
Re: KMail/KIO POP3 SSL MITM Flaw
From: Nick Boyce <nick.boyce () gmail com>
Date: Mon, 23 Jun 2014 00:03:07 +0100
On 22 June 2014 22:58, David Faure <faure () kde org> wrote:
I'm not sure whether to interpret the 'Versions' line in the advisory as "bug was introduced at kdelibs 4.10.95"Yes, this is what "Versions: kdelibs 4.10.95 to 4.13.2" means.
Thanks - it might possibly have been "these are the versions we are supporting with a fix" instead.
There is an IBM ISS report [3] which implies the bug affects at least kdelibs 4.6.x ....No idea where they got that from.... I cannot confirm this.
Your clarification and that correction are much appreciated. Thanks for taking the time. Cheers Nick
Current thread:
- KMail/KIO POP3 SSL MITM Flaw Richard Moore (Jun 18)
- Re: KMail/KIO POP3 SSL MITM Flaw Nick Boyce (Jun 22)
- Re: KMail/KIO POP3 SSL MITM Flaw Richard Moore (Jun 22)
- Re: KMail/KIO POP3 SSL MITM Flaw David Faure (Jun 22)
- Re: KMail/KIO POP3 SSL MITM Flaw Nick Boyce (Jun 22)
- Re: KMail/KIO POP3 SSL MITM Flaw Richard Moore (Jun 22)
- Re: KMail/KIO POP3 SSL MITM Flaw Nick Boyce (Jun 22)