Source: kio
Version: 5.22.0-1
Severity: important
Tags: patch upstream security

Hi,

the following vulnerability was published for kio.

CVE-2017-6410[0]:
| kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls
| the PAC FindProxyForURL function with a full https URL (potentially
| including Basic Authentication credentials, a query string, or
| PATH_INFO), which allows remote attackers to obtain sensitive
| information via a crafted PAC file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6410
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
[1] https://commits.kde.org/kio/f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
[2] https://www.kde.org/info/security/advisory-20170228-1.txt

Regards,
Salvatore
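
The exposure described in the CVE text above, shown as an added example that is not part of the original report and is not the kio patch: a proxy resolver that reduces a URL before handing it to a PAC script's FindProxyForURL. The names `sanitizeForPac`, `resolveProxy`, `makeRecordingPac` and the sample URL are hypothetical, and keeping the path for plain http is an assumption of this sketch.

```javascript
// Added example (hypothetical names, constructed input): strip everything a
// PAC script does not need before calling FindProxyForURL.

function sanitizeForPac(rawUrl) {
  // new URL() throws on unparsable input, so a bad URL never reaches the PAC.
  const u = new URL(rawUrl);

  // Basic Authentication credentials and fragments are never PAC input.
  u.username = '';
  u.password = '';
  u.hash = '';

  // For https the path and query are confidential on the wire, so the PAC
  // script only gets scheme, host and port.
  if (u.protocol === 'https:') {
    u.pathname = '/';
    u.search = '';
  }
  return u.href;
}

function resolveProxy(pacFunction, rawUrl) {
  const safeUrl = sanitizeForPac(rawUrl);
  const host = new URL(safeUrl).hostname;
  // Only the reduced URL crosses into the (untrusted) PAC script.
  return pacFunction(safeUrl, host);
}

// Constructed stand-in for a PAC file: records what it was given.
function makeRecordingPac(seen) {
  return function FindProxyForURL(url, host) {
    seen.push({ url, host });
    return 'DIRECT';
  };
}

// Constructed sample URL carrying credentials, PATH_INFO and a query string.
const SAMPLE_URL =
  'https://alice:s3cret@intranet.example/reset/token123?session=abc#top';

const seenByPac = [];
const decision = resolveProxy(makeRecordingPac(seenByPac), SAMPLE_URL);
console.log(decision, seenByPac[0]);
```
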