[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#707776: kde4libs: CVE-2013-2074: prints passwords contained in HTTP URLs in error messages

Package: kde4libs
Version: 4:4.8.4-4
Severity: important
Tags: security patch
Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=319428

Hi,

the following vulnerability was published for kde4libs.

CVE-2013-2074[0]:
prints passwords contained in HTTP URLs in error messages

Upstream Bugreport is [1] containing a patch [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2074
    http://security-tracker.debian.org/tracker/CVE-2013-2074
[1] https://bugs.kde.org/show_bug.cgi?id=319428
[2] https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp

Please adjust the affected versions in the BTS as needed, the version
in wheezy, testing and unstable looks affected. (oldstable and
experimental are not checked).

Regards,
Salvatore
Reply to: