oss-sec mailing list archives

Re: CVE Request: kdelibs


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 10 May 2013 20:19:39 -0600


On 05/10/2013 03:31 PM, Seth Arnold wrote:
Hello Kurt, Steve, all,

A bug in our Launchpad [1] refers to KDE Bug 319428 [2] as fixing
a security issue: displaying raw URLs, including passwords, in a
handful of error messages. A patch is in git [3] to sanitize URLs
before displaying them in the affected error messages.

1: https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/1178286
2: https://bugs.kde.org/show_bug.cgi?id=319428
3: http://commits.kde.org/kdelibs/65d736dab592bced4410ccfa4699de89f78c96ca

 Please assign a CVE number for this issue. Thank you.

Seth

Vince asked first =) Please see

http://openwall.com/lists/oss-security/2013/05/11/2

for the cve (don't want to post it twice, avoid confusion).

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

