Bug#521298: akregator exposes password of password protected blogs
Package: akregator
Version: 4:3.5.9-5
Severity: important
I subscribed to a password protected blog using a feed URL like this
one:
http://user:password@passwordprotected-blog.example.com/blog/index.rss
Under $HOME/.kde/share/apps/akregator/Archive/ akregator creates a
file, the name containing not only the feed URL but also the username
and password
This may expose passwords to other users of the box.
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages akregator depends on:
ii kdelibs4c2a 4:3.5.10.dfsg.1-0lenny1 core libraries and binaries for al
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libgcc1 1:4.3.2-1.1 GCC support library
ii libkdepim1a 4:3.5.9-5 KDE PIM library
ii libqt3-mt 3:3.3.8b-5+b1 Qt GUI Library (Threaded runtime v
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
akregator recommends no packages.
akregator suggests no packages.
-- no debconf information
Reply to: