[Konversation-devel] Re: konversation security bugs
Waldo Bastian
bastian at suse.com
Thu Jan 20 11:46:44 CET 2005
On Wednesday 19 January 2005 19:17, George Staikos wrote:
> On Wednesday 19 January 2005 13:02, you wrote:
> > do we do advisories for extragear stuff?
> >
> > http://wouter.coekaerts.be/konversation.html
> >
> > anybody time for writing it? I'm currently busy and it has already been
> > mailed to bugtraq and friends.
>
> IMHO they're released by the author so the author is responsible.
Well, I think it would still be beneficial to have a central point for KDE
security alerts to inform vendors etc.
So if the konversation developers are interested I can assist with getting an
advisory out.
Steps to take:
* Evaluate the actual impact of the listed problems: can they be used by a bad
guy to do harm? How?
* Get a CVE number (I can do that)
* Prepare a patch that fixes the problems.
* Review the patch to make sure it fixes all problems.
* Decide whether you want to release a new version. The webpage above mentions
konversation 0.15.1, but I don't see it mentioned on the konversation download
page. (Who makes the release for konversation?)
* Prepare the advisory (anyone can do that, just take an entry from
http://www.kde.org/info/security and use that as template)
* Send the advisory around for review
* Publish the advisory (I can do that)
Cheers,
Waldo
--
bastian at kde.org | Free Novell Linux Desktop 9 Evaluation Download
bastian at suse.com | http://www.novell.com/products/desktop/eval.html