|Summary:||psi: input validation flaw|
|Product:||[Other] Security Response||Reporter:||Vincent Danen <vdanen>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2012-01-07 21:32:56 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||746877|
Description Vincent Danen 2011-10-18 04:32:07 UTC
An input validation failure was discovered in KSSL (CVE-2011-3365) and Rekonq (CVE-2011-3366) in KDE SC 4.6.0 up to and including KDE SC 4.7.1, however upstream indicates that ealier versions of KDE SC may also be affected. The upstream advisory  details those flaws. An independent report  also notes that Arora and Psi are affected as well. This bug is for Psi, which currently does not have a CVE name assigned.  http://www.kde.org/info/security/advisory-20111003-1.txt  http://archives.neohapsis.com/archives/fulldisclosure/2011-10/att-0353/NDSA20111003.txt.asc
Comment 1 Vincent Danen 2011-10-18 04:48:09 UTC
Created psi tracking bugs for this issue Affects: fedora-all [bug 746877]
Comment 2 Fedora Update System 2011-12-06 01:02:37 UTC
psi-0.14-7.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2011-12-06 01:07:02 UTC
psi-0.14-7.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
Comment 4 Sven Lankes 2012-01-07 21:32:56 UTC
For some reason bodhi hasn't closed this bug as expected.