Package: kde4libs Version: 4:4.8.4-4 Severity: important Tags: security patch Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=319428
Hi, the following vulnerability was published for kde4libs. CVE-2013-2074[0]: prints passwords contained in HTTP URLs in error messages Upstream Bugreport is [1] containing a patch [2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2074 http://security-tracker.debian.org/tracker/CVE-2013-2074 [1] https://bugs.kde.org/show_bug.cgi?id=319428 [2] https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp Please adjust the affected versions in the BTS as needed, the version in wheezy, testing and unstable looks affected. (oldstable and experimental are not checked). Regards, Salvatore -- To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130511083054.13490.32662.report...@elende.valinor.li
