Backporting of Discover/KNS fixes
Fabian Vogt
fabian at ritter-vogt.de
Mon Feb 21 09:25:22 GMT 2022
Moin,
Am Samstag, 19. Februar 2022, 10:11:06 CET schrieb Ben Cooksley:
> Dear Distributions,
>
> It has recently come to my attention that some distributions have missed
> emails sent to this list recently regarding issues with Discover/KNS.
That sounds like you know which distributions - I assume you reached out to
those directly as well?
> As
> these issues are rather critical I am now requiring all distributions to
> explicitly acknowledge receipt of these emails and to declare the actions
> they have taken. As a reminder, end-user systems without these patches are
> participating in a distributed denial of service attack on KDE.org
> infrastructure.
>
> The two emails which distributions need to keep in mind are:
> - https://mail.kde.org/pipermail/distributions/2022-February/001140.html
> - https://mail.kde.org/pipermail/distributions/2022-February/001142.html
>
> These patches should be backported to all versions currently in support.
>
> For those distributions that have already backported these patches - thank
> you and apologies for the further inconvenience regarding this.
openSUSE Tumbleweed and Leap 15.4 have Plasma 5.24.1 and aren't affected.
Leap 15.3 has Plasma 5.18, so isn't affected either. It also has the knewstuff
User-Agent commit backported (as requested by
https://mail.kde.org/pipermail/distributions/2021-October/001054.html), so
it would identify itself in the traffic log.
I noticed that the previews for fonts still linked to download.kde.org and thus
failed to load, but that appears to be fixed meanwhile.
Cheers,
Fabian
> Thanks,
> Ben Cooksley
> KDE Sysadmin
More information about the Distributions
mailing list