http://bugzilla.novell.com/show_bug.cgi?id=579280

http://bugzilla.novell.com/show_bug.cgi?id=579280#c18

Marcus Meissner <meissner@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|VUL-0: KDE4: Screen may be  |KDE 4.4.0: Screen may be
                   |unlocked without password   |unlocked without password
                   |(due to memory leak?)       |

--- Comment #18 from Marcus Meissner <meissner@novell.com> 2010-02-13 11:33:12 UTC ---

Reply-To: oss-security@lists.openwall.com
Date: Fri, 12 Feb 2010 14:38:45 -0500
From: Jeff Mitchell <mitchell@kde.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100111
+Thunderbird/3.0.1
To: oss-security@lists.openwall.com
Subject: Re: [oss-security] Re: CVE Request: KDE screensaver unlock issue similar to GNOME one

[-- PGP Ausgabe folgt (aktuelle Zeit: Sam 13 Feb 2010 12:32:20 CET) --]
gpg: Signature made Fre 12 Feb 2010 20:38:49 CET using DSA key ID D0AE1825
gpg: Unterschrift kann nicht geprüft werden: Öffentlicher Schlüssel nicht gefunden
[-- Ende der PGP-Ausgabe --]

[-- Die folgenden Daten sind signiert --]

On 2/12/2010 1:18 PM, Jeff Mitchell wrote:
Sorry it's not in the same thread, as I wasn't subscribed to this list at the time.
I can verify that only KDE SC 4.4.0 is affected. Released versions of 4.3 are *not* affected by this bug.
I have committed a patch to the KDE SVN server as revision 1089213. See https://bugs.kde.org/show_bug.cgi?id=217882#c16
Although this solved the problem for me locally, I'm in the process of having other testers verify that they can no longer reproduce the problem with this patch, and will report back once this is verified.
Gentoo and Fedora distribution maintainers have also tested this patch and verified that it works. The patch against 4.4.0 can easily be obtained from here:

http://websvn.kde.org/?view=revision&revision=1089241

As this is now backported to the 4.4 branch, it is expected that 4.4.0 will be the only release affected by this vulnerability.

Thanks,
Jeff