Mailinglist Archive: opensuse-bugs (4689 mails)

[Bug 579280] KDE 4.4.0: Screen may be unlocked without password
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sat, 13 Feb 2010 11:33:14 +0000
  • Message-id: <20100213113314.35D03245522@xxxxxxxxxxxxxxxxxxxxxx>
http://bugzilla.novell.com/show_bug.cgi?id=579280

http://bugzilla.novell.com/show_bug.cgi?id=579280#c18


Marcus Meissner <meissner@xxxxxxxxxx> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
Summary |VUL-0: KDE4: Screen may be  |KDE 4.4.0: Screen may be
        |unlocked without password   |unlocked without password
        |(due to memory leak?)       |

--- Comment #18 from Marcus Meissner <meissner@xxxxxxxxxx> 2010-02-13 11:33:12 UTC ---
Reply-To: oss-security@xxxxxxxxxxxxxxxxxx
Date: Fri, 12 Feb 2010 14:38:45 -0500
From: Jeff Mitchell <mitchell@xxxxxxx>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
To: oss-security@xxxxxxxxxxxxxxxxxx
Subject: Re: [oss-security] Re: CVE Request: KDE screensaver unlock issue similar to GNOME one

[-- PGP Ausgabe folgt (aktuelle Zeit: Sam 13 Feb 2010 12:32:20 CET) --]
gpg: Signature made Fre 12 Feb 2010 20:38:49 CET using DSA key ID D0AE1825
gpg: Unterschrift kann nicht geprüft werden: Öffentlicher Schlüssel nicht
gefunden
[-- Ende der PGP-Ausgabe --]

[-- Die folgenden Daten sind signiert --]

On 2/12/2010 1:18 PM, Jeff Mitchell wrote:
Sorry it's not in the same thread, as I wasn't subscribed to this list
at the time.

I can verify that only KDE SC 4.4.0 is affected. Released versions of
4.3 are *not* affected by this bug.

I have committed a patch to the KDE SVN server as revision 1089213. See
https://bugs.kde.org/show_bug.cgi?id=217882#c16

Although this solved the problem for me locally, I'm in the process of
having other testers verify that they can no longer reproduce the
problem with this patch, and will report back once this is verified.

Gentoo and Fedora distribution maintainers have also tested this patch
and verified that it works. The patch against 4.4.0 can easily be
obtained from here: http://websvn.kde.org/?view=revision&revision=1089241

As this is now backported to the 4.4 branch, it is expected that 4.4.0
will be the only release affected by this vulnerability.

Thanks,
Jeff
