On Fri, 3 Feb 2006, David Houlder wrote:

> Hi...
>
> Am I right in thinking that this...
> http://www.kde.org/info/security/advisory-20060119-1.txt
> ...currently affects FC3?
> Thanks

You are correct. Thanks for bringing it up.

A bug report has already been entered into Bugzilla (ticket #178606) for this vulnerability. This is also known as "CVE-2006-0019 kjs encodeuri/decodeuri heap overflow vulnerability." The Red Hat Security Team rated this as a critical vulnerability in their postings. See:

<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178606>

This CVE-2006-0019 vulnerability appears to only affect FC2 and FC3, and not RHL 7.3, RHL 9, nor FC1.

There have evidently been a whole number of other KDE security bugs appearing for all 5 distros that Fedora Legacy maintains since the last time Fedora Legacy issued any KDE errata in Feb. 2005. See <https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=123541> for a list of potential vulnerabilities that we have for KDE at the moment. These bugs will affect multiple KDE .src.rpm's for the 5 distros we work with.

I have started a Tracker ticket (Bug #179804) to track each .src.rpm package separately. Marc Deslauriers indicated that it would probably be best to address all of those vulnerabilities at once instead of just this CVE-2006-0010 vulnerability by itself (which affects the kdelibs .src.rpm).

I am planning to start working up some .src.rpm packages for our community to look at in Bugzilla within a few days for RHL7.3, RHL9, FC1, FC2, and FC3. I am currently working up a spreadsheet to help with the process, which I intend to post to the KDE Tracker bug when it is completed, so we can have one Bug Ticket open per affected .src.rpm package.

If anyone would like to help in applying patches to .src.rpm's for some of the distros, I would welcome the help! Thanks.

Warm regards,
David

--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list