[Secure-testing-team] Bug#707776: kde4libs: CVE-2013-2074: prints passwords contained in HTTP URLs in error messages
Salvatore Bonaccorso
carnil at debian.org
Sat May 11 08:30:54 UTC 2013
Package: kde4libs
Version: 4:4.8.4-4
Severity: important
Tags: security patch
Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=319428

Hi,

the following vulnerability was published for kde4libs.

CVE-2013-2074[0]:
prints passwords contained in HTTP URLs in error messages

The upstream bug report is [1], containing a patch [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2074
    http://security-tracker.debian.org/tracker/CVE-2013-2074
[1] https://bugs.kde.org/show_bug.cgi?id=319428
[2] https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp

Please adjust the affected versions in the BTS as needed, the version
in wheezy, testing and unstable looks affected. (oldstable and
experimental are not checked).

Regards,
Salvatore