Hi Ana, * Ana Guerrero <ana@debian.org> [2008-06-24 19:30]: > On Sun, Nov 18, 2007 at 05:52:10PM +0100, Nico Golde wrote: > > Package: konqueror > > Severity: important > > > > the following CVE (Common Vulnerabilities & Exposures) id was > > published for konqueror. > > > > CVE-2007-6000[0]: > > | KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a > > | denial of service (crash) via large HTTP cookie parameters. [...] > The real bug here is in Qt3, that is not being fixed anymore by upstream > (working now in Qt4). Why don't you reassign it then? :) > The bug is not considered a serious security concern and it surely won't > be fixed. Yes noone said anything different. That's the reason why the CVE id is marked as unimportant in the security tracker and the bug is not filed with severity grave. Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgp6K81qpyHq_.pgp
Description: PGP signature