Security issue in 4.2

Chani chanika at gmail.com
Sun Jan 25 05:28:13 CET 2009


please cc me, I'm not subscribed.

the problem is a bugfix gone awry that exposes a way to get a filedialog on the 
screensaver whenever widgets are turned on.

the good news is, widgets are disabled by default, so this only affects people 
who enable them.

however, this bug changes widgets from "secure if you think before adding 
plasmoids" to "not secure, period" - and there's no warning when you enable 
them.

the attached patch, committed in revision 916332, fixes it.

-- 
This message brought to you by eevil bananas and the number 3.
www.chani3.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix.diff
Type: text/x-patch
Size: 736 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/release-team/attachments/20090124/0ea5400e/attachment.diff 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://mail.kde.org/pipermail/release-team/attachments/20090124/0ea5400e/attachment.sig 


More information about the release-team mailing list