oss-sec mailing list archives
Re: CVE Request: kdelibs
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 10 May 2013 20:19:39 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/10/2013 03:31 PM, Seth Arnold wrote:
Hello Kurt, Steve, all, A bug in our Launchpad [1] refers to KDE Bug 319428 [2] as fixing a security issue: displaying raw URLs, including passwords, in a handful of error messages. A patch is in git [3] to sanitize URLs before displaying them in the affected error messages. 1: https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/1178286 2: https://bugs.kde.org/show_bug.cgi?id=319428 3: http://commits.kde.org/kdelibs/65d736dab592bced4410ccfa4699de89f78c96ca Please assign a CVE number for this issue. Thank you. Seth
Vince asked first =) Please see http://openwall.com/lists/oss-security/2013/05/11/2 for the cve (don't want to post it twice, avoid confusion). - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRjaq7AAoJEBYNRVNeJnmTHVEQAJgacBYBW0RZgoyK2EGnj77y I6V05qgLiKezPtcmDo2ZZq0WUgFrc4zCkMbxZ2H2VWm4Ezav9Oybj5sAQ1KRKfhh p5h7BnxqfuWwDMj7XalQZbTQbC21uZExK2XYmyu+tI3s2Wda1pXYLE+wERip9JhE rZ319u2/KeTQwFiYHsB4Yqs4s4VeaowVzwDHOZLOZpd0+vDk5XkI8rZF8c5ZOkn2 yxOPpX3IFF72Q+LEZJPLcD3dOlZ0TCweCy4BAzhHMjODu+bEbWUX/OLXCfj/jYzZ iA6y95uVi8qQv5WUFitXlrG08nx3OcPK+yOxUnkWSPR696MnwPs7A/dgmGpyv6vp CaUKS4saDup6mbhy1rLaFGPkp3P/f44QjFl+NENOox5VeaEhhBwkPGu3PFcOoIrS uWVK9EIfPOquSIE66ARiS9o6Qja5p2bjo5X7lphzTEaj6oYhz32Y9broVwynqK8t f2DJ+avoZjQEa9GlZCaeSmy/N1ZI1jckrXy1iYbhIjjDBO7WxBQDcfK/Guxo/XkR c0z98h6VGMne0BoC/l/DT0NEfCDnBCX+fCVJ7nCIXhbMBYtLvVCSFK9OtcVK3RTQ pXBwqXRCHKQ1tCnjOgGnul5D7dYYYoCP444zlXNkRNzRaIOqD4jPYcoRQAYmiE/T QE02rjsbFbWMJAJt3fcZ =ifTt -----END PGP SIGNATURE-----
Current thread:
- CVE Request: kdelibs Seth Arnold (May 10)
- Re: CVE Request: kdelibs Kurt Seifried (May 10)