On Thu, 2005-03-03 at 16:07 +0800, Ow Mun Heng wrote: > I just noticed that GLSA 200501-16 > Konqueror: Java sandbox vulnerabilities > > affects my laptop. I want to know if it's advisable to _not_ upgrade to > the newer kdelibs. Since this GLSA affects only Konqueror and I only > have kdelibs for the few kde utils which I use such as KB3. > > Other than that, I don't need KDE at all and I don't particularly like > to compile another newer version of KDE unless I have to. > > What say you all?
the glsa doesn't say you need a whole new kde. all you need to do is update kdelibs to >=kdelibs-3.3.2 If you are not using konqueror it probably doesn't particularly matter, as only browsing seems to be vulnerable: "Impact: A remote attacker could embed a malicious Java applet in a web page and entice a victim to view it. This applet can then bypass security restrictions and execute any command, or access any file with the rights of the user running Konqueror." > -- Nick Rout <[EMAIL PROTECTED]> -- [email protected] mailing list
