Date: Fri, 10 May 2013 14:31:05 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: coley@...us.mitre.org Cc: oss-security@...ts.openwall.com, security@...ntu.com Subject: CVE Request: kdelibs Hello Kurt, Steve, all, A bug in our Launchpad  refers to KDE Bug 319428  as fixing a security issue: displaying raw URLs, including passwords, in a handful of error messages. A patch is in git  to sanitize URLs before displaying them in the affected error messages. 1: https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/1178286 2: https://bugs.kde.org/show_bug.cgi?id=319428 3: http://commits.kde.org/kdelibs/65d736dab592bced4410ccfa4699de89f78c96ca Please assign a CVE number for this issue. Thank you. Seth Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.