Red Hat Bugzilla – Bug 840626
Last modified: 2013-04-11 17:42:43 EDT
The code in question looks as though it was only introduced in kdepim 4.4, which means that Red Hat Enterprise Linux 6 and earlier are not affected by this. No CVE has been assigned as of yet.
Created kdepim tracking bugs for this issue
Affects: fedora-all [bug 840627]
I've asked upstream for confirmation as to when this was introduced:
This issue was committed in December 2000,
but it's first included in the 4.6.0 stable release, so this issue does not affect RHEL <= 6, but does affect F16, F17 and rawhide.
It's in update-testing now.
That's right, according to upstream's response, this was added in 4.6 or 4.7:
Not vulnerable. This issue did not affect the versions of kdepim as shipped with Red Hat Enterprise Linux 5 or 6.
This was assigned the name CVE-2012-3413:
kdepim-4.8.4-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
kdepim-4.8.4-4.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.