[kde-freebsd] false CVE positive for kdewebdev ?

Rene Ladan r.c.ladan at gmail.com
Tue Jul 22 08:30:34 CEST 2008


it seems the vulnerability database has a false positive for kdewebdev :

from my daily security check:
> Affected package: kdewebdev-4.0.98
> Type of problem: kdewebdev -- kommander untrusted code execution vulnerability.
> Reference: <http://www.FreeBSD.org/ports/portaudit/91f1adc7-b3e9-11d9-a788-0001020eed82.html>

But according to the website:

> References:
>    * CVE name CVE-2005-0754
>    * URL: <http://www.kde.org/info/security/advisory-20050420-1.txt>
> Affects:
>    * kdewebdev <3.4.0_1,2

i.e.this should not afffect version 4.0.98

Maybe this is because kde4 is not in the main ports tree?


GPG fingerprint = E738 5471 D185 7013 0EE0  4FC8 3C1D 6F83 12E1 84F6 (subkeys.pgp.net)

More information about the kde-freebsd mailing list