On May 21, 2002 11:49, gobbles@hushmail.com wrote:
> Vulnerable
> **********
> KDE 1 - all platforms
> KDE 2 - all platforms
> KDE 3 - all platforms
[...]
> Problem
> *******
>
> A formatstring vulnerability exist in many talkd implementations.
A patch for this has been in KDE CVS since 5pm EDT 05/21/02. Thanks to
Waldo Bastian for the quick work. It is patched in the KDE_2_2_BRANCH,
KDE_3_0_BRANCH and HEAD branch. There are other problems with this code and
we recommend not using it. In particular, users of older KDE versions should
disable ktalkd entirely.
The just-released KDE 3.0.1 does not contain this fix since we were
unaware of it when we sent the source out to the packagers.
