[Psi-Devel] Certificate Spoofing issue in PSI

Sven Lankes sven at lank.es
Tue Nov 1 11:24:32 PDT 2011


Hello Psi-Maintainers,

it has been brought to my attention (as the maintainer of the fedora-psi
package) that the currently released psi version is vulnerable to the
issues listed in the security advisory below. Mainly:

    When displaying a security dialog with a certificate, KSSL does not
    properly force its QLabels to use QLabel::PlainText. As a result, if
    given a certificate containing rich text in its fields, it will
    render the rich text.

http://archives.neohapsis.com/archives/fulldisclosure/2011-10/att-0353/NDSA20111003.txt.asc
http://www.kde.org/info/security/advisory-20111003-1.txt

I've looked at parts of the source long and hard and did come to the
conclusion that it would be way too dangerous for me to touch that part
of the code myself, introducing more breakage than I would be fixing.

Is there maybe a chance to get a 0.14.1 release with (those) security
issues fixed? Or even a 0.15?

-- 
sven === jabber/xmpp: sven at lankes.net
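An added example (not code from Psi, KDE or the advisory) of why the quoted issue exists: a QLabel defaults to Qt::AutoText and asks Qt::mightBeRichText() whether the string it is given looks like HTML, so a certificate field that begins with a tag is rendered as markup. The heuristic below is a simplified re-implementation of that Qt check so it compiles without Qt; the subject strings are constructed.

```cpp
#include <cctype>
#include <iostream>
#include <string>

enum class TextFormat { AutoText, PlainText, RichText };

// Simplified re-implementation of Qt::mightBeRichText(): scan the first line
// for a '<'; if it opens something shaped like an HTML tag ("<b>", "</b>",
// "<a href=...>"), treat the string as rich text. Qt additionally checks the
// tag name against its HTML element table; this version accepts any name.
bool mightBeRichText(const std::string& s) {
    size_t open = 0;
    while (open < s.size() && s[open] != '<' && s[open] != '\n') ++open;
    if (open >= s.size() || s[open] != '<') return false;
    size_t close = s.find('>', open);
    if (close == std::string::npos) return false;
    size_t i = open + 1;
    if (i < close && s[i] == '/') ++i;                       // closing tag
    size_t nameStart = i;
    while (i < close && std::isalnum(static_cast<unsigned char>(s[i]))) ++i;
    if (i == nameStart) return false;                        // "<" with no tag name
    // after the name: end of tag, attributes, or a self-closing slash
    return i == close || std::isspace(static_cast<unsigned char>(s[i]))
           || (s[i] == '/' && i + 1 == close);
}

// The mode a QLabel ends up rendering a certificate field in, given the
// textFormat the dialog configured (QLabel's default is Qt::AutoText).
TextFormat effectiveFormat(const std::string& field, TextFormat configured) {
    if (configured != TextFormat::AutoText) return configured;
    return mightBeRichText(field) ? TextFormat::RichText : TextFormat::PlainText;
}

const char* name(TextFormat f) {
    return f == TextFormat::RichText ? "RichText" : "PlainText";
}

// Constructed subject fields, not taken from any real certificate.
const std::string kHonestCn = "Example Jabber Server";
const std::string kMarkupCn = "<b>Verified by Example CA</b>, issued to jabber.example";

int main() {
    // Unfixed dialog: label left at AutoText, so the crafted CN flips to rich text.
    std::cout << "AutoText  + markup CN -> " << name(effectiveFormat(kMarkupCn, TextFormat::AutoText)) << '\n';
    // Fixed dialog: label->setTextFormat(Qt::PlainText) before setText() pins the mode.
    std::cout << "PlainText + markup CN -> " << name(effectiveFormat(kMarkupCn, TextFormat::PlainText)) << '\n';
    std::cout << "AutoText  + honest CN -> " << name(effectiveFormat(kHonestCn, TextFormat::AutoText)) << '\n';
    return 0;
}
```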

