mailing list archives
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications
From: Jeff Mitchell <mitchell () kde org>
Date: Sun, 31 Jul 2011 23:00:25 -0400
On 07/29/2011 03:53 PM, Josh Bressers wrote:
OK, this one is going to get messy. If you folks want to keep this under
embargo, please contact me in private for IDs (I don't want to try and keep
track on a public list, I'm already unsure what all needs IDs).
If this isn't terribly serious, it may make the most sense to publish
details so we can figure out how many IDs are needed.
As patches are either being worked on currently or finished for the
various affected products that we're aware of, I think we'll get those
committed, give the packagers a 48-hour heads-up, and then we'll just
put the details on this list. Then you can assign CVEs as appropriate
and we can reference those in the various security advisories.
Does that sound good?