Re: route of #phrack is a funny man!

[George Staikos <staikos () kde org>]

On May 21, 2002 11:49, gobbles () hushmail com wrote:

> Vulnerable
> **********
>   KDE 1       - all platforms
>   KDE 2       - all platforms
>   KDE 3       - all platforms

[...]

> Problem
> *******
>
> A formatstring vulnerability exist in many talkd implementations.

   A patch for this has been in KDE CVS since 5pm EDT 05/21/02.  Thanks to 
Waldo Bastian for the quick work.  It is patched in the KDE_2_2_BRANCH, 
KDE_3_0_BRANCH and HEAD branch.  There are other problems with this code and 
we recommend not using it.  In particular, users of older KDE versions should 
disable ktalkd entirely.

    The just-released KDE 3.0.1 does not contain this fix since we were 
unaware of it when we sent the source out to the packagers.