Security patch for kdeprintfax
Olaf Jan Schmidt
olaf at amen-online.de
Sat Dec 7 00:07:39 GMT 2002
-----BEGIN PGP SIGNED MESSAGE-----
I have a bug fix for a small security problem in kdeprintfax.
Variables are always replaced with quoted values, even if they are already
in quotes. The result is that the variables will be unquoted, leading to
a small security hole.
I don't think there are any real possibilities to exploit this, but it can
do no harm to fix this by unquoting all variables that are within quotes.
I copied the patch from another application where we had the same problem;
I am quite new to KDE programming and not totally sure I applied the
patch correctly. Could someone please check whether everything is OK?
I'm not subscribed to kde-core-devel, so please CC me if you have any
remarks or if you wish me to commit this.
Olaf Jan Schmidt, KDE Accessibility Project
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the kde-core-devel