Bug#707776: kde4libs: CVE-2013-2074: prints passwords contained in HTTP URLs in error messages
Package: kde4libs
Version: 4:4.8.4-4
Severity: important
Tags: security patch
Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=319428
Hi,
the following vulnerability was published for kde4libs.
CVE-2013-2074[0]:
prints passwords contained in HTTP URLs in error messages
Upstream Bugreport is [1] containing a patch [2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2074
http://security-tracker.debian.org/tracker/CVE-2013-2074
[1] https://bugs.kde.org/show_bug.cgi?id=319428
[2] https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp
Please adjust the affected versions in the BTS as needed, the version
in wheezy, testing and unstable looks affected. (oldstable and
experimental are not checked).
Regards,
Salvatore
Reply to: