On Monday 08 November 2004 07:46 pm, Chris Cheney wrote: > On Tue, Nov 09, 2004 at 12:37:55AM +0100, Andreas Mueller wrote: > > Package: kfax > > Version: 4:3.3.1-1 > > Severity: normal > > > > > > -- cut from the inoffical KDE Security Advisory -- > > > > kfax, a small utility for displaying fax files, contains > > for historic reasons a private copy of libtiff. > > Therefore it is vulnerable to these issues as well. > > > > As a workaround, you can remove the kfax binary and the > > kfax_multipage KPart from your system to be on the safe > > side. A new package is now on ktown. > > > > This issue is already sort-of public because Red Hat already announced > > it as part of their kdegraphics update. > > > > Cheers, > > amu > > The kfax in kdegraphics 3.3.1-1 deb is already fixed afaik, they removed > libtiff from kdegraphics source and use libtiff-tools instead. > > Chris
It is not fixed in kdegraphics 3.3.1-1. I just downloaded the source (apt-get source kdegraphics), and the kfax.cpp is the version dated July 12, 2004 which is in the tagged KDE_3_3_1_RELEASE. The fix was committed to both KDE_3_3_BRANCH and KDE_3_2_BRANCH on October 16, 2004. The 3.2 branch was refixed on October 23. Josh
