OK, then basically, I don't have to worry about it since I don't use pam_krb5 and SuSE has put out a version of 3.1.4 I can use _if_ I want to: caveat emptor. Thanks for the response, I was afraid I might have munged something accidentally. Still getting used to SuSE. --- Charlie On Thursday 25 September 2003 16:38, Christopher Mahmood wrote:
* Charles Kunce (ckunce@nycap.rr.com) [030925 13:10]:
KDE 3.1.4's upgrade _is_ a security upgrade according to the traffic on this list.
This list isn't authoritative as to what constitutes a security update, suse-security-announce@suse.com is. The problem (http://www.securitytracker.com/alerts/2003/Sep/1007721.html) only affects you if you are using pam_krb5 which you probably aren't (you'd know if you were).
These sorts of questions are best asked on suse-security@suse.com (and were, see http://lists.suse.com/archive/suse-security/2003-Sep/0210.html) since no one from the security reads this list. If you'd like to contact the security team directly about these sorts of issues you can reach them at security@suse.com.
Anything released in ftp.suse.com/pub/suse/supplementary/, /pub/people, or anything else outside of the /pub/suse/<arch>/update is an unofficial, unsigned, unsupported, and probably experimental update that's not intended "casual" use. If these kde packages were security updates they would there and marked as such in YOU.
--
-ckm