[kde-freebsd] false CVE positive for kdewebdev ?
Martin Wilke
miwi at FreeBSD.org
Mon Aug 4 12:01:07 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Jul 22, 2008 at 08:30:34AM +0200, Rene Ladan wrote:
> Hi,
>
> it seems the vulnerability database has a false positive for kdewebdev :
>
> from my daily security check:
> > Affected package: kdewebdev-4.0.98
> > Type of problem: kdewebdev -- kommander untrusted code execution vulnerability.
> > Reference: <http://www.FreeBSD.org/ports/portaudit/91f1adc7-b3e9-11d9-a788-0001020eed82.html>
>
> But according to the website:
>
> > References:
> > * CVE name CVE-2005-0754
> > * URL: <http://www.kde.org/info/security/advisory-20050420-1.txt>
> > Affects:
> > * kdewebdev <3.4.0_1,2
>
> i.e.this should not afffect version 4.0.98
>
> Maybe this is because kde4 is not in the main ports tree?
I solved this problem today. Thanks for your report.
- - Martin
>
> Regards,
> Rene
> --
> http://www.rene-ladan.nl/
>
> GPG fingerprint = E738 5471 D185 7013 0EE0 4FC8 3C1D 6F83 12E1 84F6 (subkeys.pgp.net)
> _______________________________________________
> kde-freebsd mailing list
> kde-freebsd at kde.org
> https://mail.kde.org/mailman/listinfo/kde-freebsd
>
- --
+-----------------------+-------------------------------+
| PGP : 0x05682353 | Jabber : miwi(at)BSDCrew.de |
| ICQ : 169139903 | Mail : miwi(at)FreeBSD.org |
+-----------------------+-------------------------------+
| Mess with the Best, Die like the Rest! |
+-----------------------+-------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
iEYEARECAAYFAkiW02IACgkQFwpycAVoI1OWegCfRodiB/G0zXgEhSoguzqTsYKo
b24AniUhM/j/Ypb+U8D3oxhDMpRnxN7w
=bYkG
-----END PGP SIGNATURE-----
More information about the kde-freebsd
mailing list