Security issue in 4.2
Chani
chanika at gmail.com
Sun Jan 25 05:28:13 CET 2009
please cc me, I'm not subscribed.
the problem is a bugfix gone awry that exposes a way to get a filedialog on the
screensaver whenever widgets are turned on.
the good news is, widgets are disabled by default, so this only affects people
who enable them.
however, this bug changes widgets from "secure if you think before adding
plasmoids" to "not secure, period" - and there's no warning when you enable
them.
the attached patch, committed in revision 916332, fixes it.
--
This message brought to you by eevil bananas and the number 3.
www.chani3.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix.diff
Type: text/x-patch
Size: 736 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/release-team/attachments/20090124/0ea5400e/attachment.diff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://mail.kde.org/pipermail/release-team/attachments/20090124/0ea5400e/attachment.sig
More information about the release-team
mailing list