oss-sec mailing list archives
Re: KMail/KIO POP3 SSL MITM Flaw
From: David Faure <faure () kde org>
Date: Sun, 22 Jun 2014 23:58:45 +0200
On Sunday 22 June 2014 21:47:50 Richard Moore wrote:
> I'm not sure whether to interpret the 'Versions' line in the advisory as "bug was introduced at kdelibs 4.10.95"
Yes, this is what "Versions: kdelibs 4.10.95 to 4.13.2" means. The file usernotificationhandler.cpp was introduced in 4.10.95 (for the fix for bugs 154100 and 265228). Before that, SlaveInterface handled the messagebox request itself, with no need for a job pointer.
> There is an IBM ISS report [3] which implies the bug affects at least kdelibs 4.6.x ....
No idea where they got that from.... I cannot confirm this.
--
David Faure, faure () kde org, http://www.davidfaure.fr
Working on KDE Frameworks 5