Source: kde4libs
Version: 4:4.14.26-1
Severity: important
Tags: upstream patch security

Hi,

the following vulnerability was published for kde4libs.

CVE-2017-6410[0]:
| kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls
| the PAC FindProxyForURL function with a full https URL (potentially
| including Basic Authentication credentials, a query string, or
| PATH_INFO), which allows remote attackers to obtain sensitive
| information via a crafted PAC file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6410
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
[1] https://commits.kde.org/kdelibs/1804c2fde7bf4e432c6cf5bb8cce5701c7010559
[2] https://www.kde.org/info/security/advisory-20170228-1.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
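
Added example (not part of the original report, and not the kdelibs/kio code): one way a client can reduce a URL before handing it to a PAC script's FindProxyForURL, so that the credentials, query string and PATH_INFO named in the CVE text never reach the script. The names urlForPac, makeRecordingPac and resolveProxy and the sample URL are hypothetical and constructed for illustration; keeping the path for non-https schemes is an assumption of this sketch.

```javascript
'use strict';

// Reduce a URL to what a PAC script needs for a proxy decision.
// Credentials and fragment are always dropped; for https the path and
// query string are dropped too (assumption of this sketch).
function urlForPac(rawUrl) {
  const u = new URL(rawUrl); // WHATWG URL parser, a Node.js global
  u.username = '';
  u.password = '';
  u.hash = '';
  if (u.protocol === 'https:') {
    u.pathname = '/';
    u.search = '';
  }
  return u.href;
}

// Stand-in for a PAC script: it only records the arguments it is handed,
// which makes visible what any PAC file would be able to read.
function makeRecordingPac() {
  const seen = [];
  return {
    seen,
    FindProxyForURL(url, host) {
      seen.push({ url, host });
      return 'DIRECT';
    },
  };
}

// Caller side: sanitize=false reproduces the behaviour the CVE describes,
// sanitize=true passes only the reduced URL.
function resolveProxy(pac, rawUrl, sanitize) {
  const host = new URL(rawUrl).hostname;
  const arg = sanitize ? urlForPac(rawUrl) : rawUrl;
  return pac.FindProxyForURL(arg, host);
}

// Constructed sample URL with credentials, PATH_INFO, query and fragment.
const SAMPLE =
  'https://alice:s3cret@example.test:8443/reset/tok123?session=abc#frag';

const demoPac = makeRecordingPac();
resolveProxy(demoPac, SAMPLE, false);
resolveProxy(demoPac, SAMPLE, true);
console.log('unsanitized argument:', demoPac.seen[0].url);
console.log('sanitized argument:  ', demoPac.seen[1].url);
```
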