Bug#710497: kdeplasma-addons: CVE-2013-2120
Hi Qt/KDE maintainers,
On Fri, May 31, 2013 at 01:39:50PM +0200, Moritz Muehlenhoff wrote:
> Package: kdeplasma-addons
> Severity: important
> Tags: security
>
> Please see http://seclists.org/oss-sec/2013/q2/429
>
> Once an upstream fix is available, we can fix this in
> a point update.
Short note on this: Upstream proposed fix, which was pushed to Ubuntu
and Fedora already, is incomplete/still weak, see [1], so please do
not add this patch alone. Some discussion is happening on [2] and
[3].
[1] http://marc.info/?l=oss-security&m=137222323420860&w=2
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2120
[3] https://bugs.launchpad.net/ubuntu/%2Bsource/kdeplasma-addons/%2Bbug/1179380
Regards,
Salvatore
Reply to: