Bug 189

Summary: SECURITY: CVE-2010-0436 (kdm race condition)
Product: TDE
Reporter: jm82an4zn1
Component: tdebase
Assignee: Timothy Pearson <kb9vqf>
Status: RESOLVED FIXED
Severity: major
CC: bugwatch, darrella
Priority: P1
Version: 3.5.11 [Trinity]
Hardware: Other
OS: Other
Compiler Version:
TDE Version String:
Application Version:
Application Name:
Attachments: Patch file of revision 1097263

Description jm82an4zn1 2010-04-20 07:56:59 CDT
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0436
http://www.kde.org/info/security/advisory-20100413-1.txt

Patch [1] proposed for KDE4 applies only in part, mainly because of the different build system, but it is trivial enough to be adapted. I have no knowledge of kdm internals, otherwise I'd post a patch.

[1]: ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff

Comment 1 Timothy Pearson 2010-04-20 21:03:03 CDT
Fixed in SVN revision 1117056.

Thanks for reporting!

Comment 2 Timothy Pearson 2010-04-21 09:53:29 CDT
> SVN commit 1117056 by tpearson:
> 
> Part 2 of 2 of security patch for KDM [CVE-2010-0436]
> 
That won't compile on Solaris. You need to backport r1097263 as well.

Comment 3 Timothy Pearson 2010-04-21 09:54:06 CDT
Created attachment 18
Patch file of revision 1097263

Comment 4 Timothy Pearson 2010-04-21 13:58:52 CDT
SVN revision 1097263 backported, compilation on Linux checks out as OK.