Subject: Re: Removing KDE2?
To: Matthias Drochner <M.Drochner@fz-juelich.de>
From: Thomas Klausner <wiz@NetBSD.org>
List: tech-pkg
Date: 03/09/2004 21:44:31

On Tue, Mar 09, 2004 at 09:38:36PM +0100, Matthias Drochner wrote:
> Perhaps we can patch around it...
> (The original link describing the bug is dead.)
> Otoh, the mere existence of a development library which might
> allow building of insecure apps does not mean much. It is the
> installation of a program which uses that lib as root or suid
> that causes the risk.

There's a list of vulnerabilities and, partially, patches at
	http://www.kde.org/info/2.2.2.php
I don't know which of these are already fixed in the package.

> So I'd say: leave at least kdelibs2. Maybe more, if the problem
> can be patched.

If someone _does_ the patching, I have no problem with that. :)

 Thomas