Why no SuSE RPMs for KDE 3.1.4 security update?
Hi,
Since KDE 3.1.4 is a security update prompted originally by a posting to
suse-security, I thought it worthwhile to cross-post this question to
suse-security.
Why have KDE 3.1.4 SuSE RPMs not yet appeared? Why is there no security
advisory? Are the security vulnerabilities fixed in some other way in SuSE
8.2?
Best regards
---------- Forwarded Message ----------
Subject: Re: [suse-kde] 3.1.4er rpms?
Date: Sun, 21 Sep 2003 12:03
From: "Paul C. Leopardi"
On Sat, 20 Sep 2003 12:55:10 -0700 Ben Rosenberg
wrote: I doubt we are going to see a set of KDE 3.1.4 packages anytime soon because they are "working on 9.0" or something.
I am pretty unhappy with the situation. If 3.1.4 is only a small feature enhancement update then I can live with the status quo, but 3.1.4 contains security fixes therefore SuSE versions should be made available. I can of course compile them from the pristine source, but then I will loose some of the integration with SuSE.
-- To unsubscribe, email: suse-kde-unsubscribe@suse.com For additional commands, email: suse-kde-help@suse.com Please do not cross-post to suse-linux-e -------------------------------------------------------
Am Montag, 22. September 2003 04:10 schrieb Paul C. Leopardi:
Hi, Since KDE 3.1.4 is a security update prompted originally by a posting to suse-security, I thought it worthwhile to cross-post this question to suse-security.
Why have KDE 3.1.4 SuSE RPMs not yet appeared? Why is there no security advisory? Are the security vulnerabilities fixed in some other way in SuSE 8.2?
Oktoberfest did start last weekend here in bavaria. Just say to your users that they are not allowed to use exploits against those security vulnerabilities. Matthias
Ah, the old meaning of "free as in beer": On Mon, 22 Sep 2003 19:41, Matthias Wieser wrote:
Oktoberfest did start last weekend here in bavaria. Just say to your users that they are not allowed to use exploits against those security vulnerabilities.
Hi all, Re: http://www.securitytracker.com/alerts/2003/Sep/1007721.html There is still no security advisory from SuSE, and no KDE 3.1.4 RPMs. Does SuSE expect me to compile KDE from source? Normally SuSE is very quick with advisories and security updates. This time, it is making think seriously about switching to Red Hat, or at least not buying SuSE 9.0. If SuSE is delaying KDe 3.1.4 because of the effort being put into SuSE 9.0, this tactic is backfiring. To SuSE: please keep up to date with security advisories. This is the main reason I have been buying your boxed distributions. Thanks On Mon, 22 Sep 2003 19:41, Matthias Wieser wrote:
Am Montag, 22. September 2003 04:10 schrieb Paul C. Leopardi:
Hi, Since KDE 3.1.4 is a security update prompted originally by a posting to suse-security, I thought it worthwhile to cross-post this question to suse-security.
Why have KDE 3.1.4 SuSE RPMs not yet appeared? Why is there no security advisory? Are the security vulnerabilities fixed in some other way in SuSE 8.2?
Oktoberfest did start last weekend here in bavaria. Just say to your users that they are not allowed to use exploits against those security vulnerabilities.
Hi all, Re: http://www.securitytracker.com/alerts/2003/Sep/1007721.html There is still no security advisory from SuSE, and no KDE 3.1.4 RPMs.
Right. So yes, you're vulnerable if you're using pam_krb5. Most people don't.
Does SuSE expect me to compile KDE from source?
Normally SuSE is very quick with advisories and security updates. This time, it is making think seriously about switching to Red Hat, or at least not buying SuSE 9.0. If SuSE is delaying KDe 3.1.4 because of the effort being put into SuSE 9.0, this tactic is backfiring.
To SuSE: please keep up to date with security advisories. This is the main reason I have been buying your boxed distributions.
Acknowleged. We're doing our best. This one just takes a bit time.
Thanks
Thanks,
Roman.
--
- -
| Roman Drahtmüller
participants (3)
-
matthias-wieser@t-online.de
-
Paul C. Leopardi
-
Roman Drahtmueller