Bug 500373

Summary: kdebase-4: konqueror doesn't save CA certificate provided to SSLSigners
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: bressers, jreznik, than
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://bugs.kde.org/show_bug.cgi?id=185288
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-22 18:19:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jan Lieskovsky 2009-05-12 13:37:43 UTC
A insufficiency with potential security implications has been found in
Konqueror web browser, shipped with the K Desktop Environment 4. 
Presence of this issue is preventing user(s) from using X.509 digital
certificates for e.g. site / email / code electronic signing.

Upstream bug report:
https://bugs.kde.org/show_bug.cgi?id=185288

Comment 1 Jan Lieskovsky 2009-05-12 13:47:12 UTC
This issue affects the versions of the kdebase-4.* package, as shipped
with Fedora release of 9, 10 and devel.

Workaround: To use functionality provided by digital certificates in affected
Fedora releases / packages, please temporarily downgrade to particular
kdebase3-* packages, which don't suffer on this insufficiency.

This issue doesn't affect the versions of the kdebase package, as shipped
with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Comment 3 Josh Bressers 2010-03-22 18:19:35 UTC
We will need to wait on upstream for this one. Once it's fixed there, it will be fixed in Fedora.