Hi Moritz, Alle giovedì 18 luglio 2013, Moritz Muehlenhoff ha scritto: > when triaging some recent security issues I noticed that this bug had > been assigned a CVE ID: https://bugs.kde.org/show_bug.cgi?id=314919 > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4133 > > The fix is here and part of 4.10.5 release of kde-workspace: > https://projects.kde.org/projects/kde/kde-workspace/repository/revisi > ons/2c810db3e41d56ad7dd8ec3436f3cf3abcc31983 I just checked, and this seems to have been committed to the KDE/4.10 branch of kde-workspace only after the tagging of 4.10.5 (just like the fix for CVE-2013-4132, #717180), > Calling this a security issue seems very far-fetched to me, but IMO > it's a bug that could be fixed in a Wheezy point update? release-team will want the fix tested in unstable for a bit; I just backported the patch to our packaging repository, and will be part of the next 4.10.5-3 upload. When that migrates (we need to solve few issues in other parts of 4.10.5 before), we can provide a stable-update. -- Pino Toscano
Attachment:
signature.asc
Description: This is a digitally signed message part.