Fwd: [USN-447-1] KDE library vulnerabilities

Art Alexion art.alexion at verizon.net
Mon Apr 2 16:30:46 UTC 2007 

On Thursday 29 March 2007 12:20, Howard Coles Jr. wrote:
> On Thursday 29 March 2007 09:47:17 am Art Alexion wrote:
> > How would those of us using 6.06 LTS and the official Kubuntu KDE 3.5.5
> > packages take advantage of this update?
> >
> >
> >
> > ----------  Forwarded Message  ----------
> >
> > Subject: [USN-447-1] KDE library vulnerabilities
> > Date: Wednesday 28 March 2007 23:12
> > From: Kees Cook <kees at ubuntu.com>
> > To: ubuntu-security-announce at lists.ubuntu.com
> > Cc: full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com
> >
> > ===========================================================
> > Ubuntu Security Notice USN-447-1             March 28, 2007
> > kdelibs vulnerabilities
> > CVE-2007-1308, CVE-2007-1564
> > ===========================================================
> >
> > A security issue affects the following Ubuntu releases:
> >
> > Ubuntu 5.10
> > Ubuntu 6.06 LTS
> > Ubuntu 6.10
>
> Forgive my ignorance if I'm wrong, but considering this is a security fix
> it should just be part of your normal patch updates.  Right?  if Dapper LTS
> is still supported with security updates, that's what I would assume will
> happen.
>
> Of course I'm assuming you have the "security" repositories enabled in your
> sources.list file.

Eventually, it did.  But the updates to Dapper took a couple of days to 
appear.  Dapper was originally released with an older version of KDE, but 
Jonathan Riddell generously packaged KDE 3.5.5 for us.  I thought the 
security maintainers had forgotten about that.

-- 

_____________________________________________________________
Art Alexion

PGP fingerprint: 52A4 B10C AA73 096F A661  92D2 3B65 8EAC ACC5 BA7A
Keyserver: hkp://subkeys.pgp.net
The attachment - signature.asc - is my electronic signature; no need for 
alarm.  Info @ 
http://mysite.verizon.net/art.alexion/encryption/signature.asc.what.html
_____________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 309 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kubuntu-users/attachments/20070402/2c92a84c/attachment.sig>

More information about the kubuntu-users mailing list