Bug#451794: CVE-2007-6000 konqueror allows konqueror to eat a lot of memory by a large cookie
Hi Nico,
On Sun, Nov 18, 2007 at 05:52:10PM +0100, Nico Golde wrote:
> Package: konqueror
> Severity: important
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for konqueror.
>
> CVE-2007-6000[0]:
> | KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a
> | denial of service (crash) via large HTTP cookie parameters.
>
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.
>
> At the moment we didn't rate this bug as a security concern,
> please check back with upstream.
>
> For further information:
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6000
The real bug here is in Qt3, that is not being fixed anymore by upstream
(working now in Qt4).
The bug is not considered a serious security concern and it surely won't
be fixed.
Ana