From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: kdesu security update needed Date: Thu, 29 Sep 2016 17:34:18 -0400 Message-ID: <20160929213418.GC26894@jasmine> References: <20160929152353.GA6330@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:43470) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bpiyR-00078x-SZ for guix-devel@gnu.org; Thu, 29 Sep 2016 17:34:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bpiyL-0008RI-UO for guix-devel@gnu.org; Thu, 29 Sep 2016 17:34:34 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:37665) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bpiyK-0008Pt-Kb for guix-devel@gnu.org; Thu, 29 Sep 2016 17:34:29 -0400 Content-Disposition: inline In-Reply-To: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: David Craven Cc: guix-devel On Thu, Sep 29, 2016 at 08:35:53PM +0200, David Craven wrote: > > David, since you added all the KDE packages, can you look into this bug > > and see what we need to do to protect against it? > > They have a vendored kdesu. The source files look pretty different > now, and I'm having a little trouble seeing if the problem is in kde > kdesu or just kde-cli-tools kdesu. From what I can tell the source has > diverged and the problem seems to be with the cli client they wrote > for the kdesu deamon or something like that. Don't know if this is a > satisfying answer... Yeah, that's my interpretation as well. Thanks for looking :)