On May 21, 2002 11:49, gobblesat_private wrote: > Vulnerable > ********** > KDE 1 - all platforms > KDE 2 - all platforms > KDE 3 - all platforms [...] > Problem > ******* > > A formatstring vulnerability exist in many talkd implementations. A patch for this has been in KDE CVS since 5pm EDT 05/21/02. Thanks to Waldo Bastian for the quick work. It is patched in the KDE_2_2_BRANCH, KDE_3_0_BRANCH and HEAD branch. There are other problems with this code and we recommend not using it. In particular, users of older KDE versions should disable ktalkd entirely. The just-released KDE 3.0.1 does not contain this fix since we were unaware of it when we sent the source out to the packagers.
This archive was generated by hypermail 2b30 : Fri May 24 2002 - 06:20:27 PDT