821833 – (CVE-2013-2074) VUL-1: CVE-2013-2074: kdelibs4: prints passwords contained in HTTP URLs in error messages

Bug 821833 (CVE-2013-2074) - VUL-1: CVE-2013-2074: kdelibs4: prints passwords contained in HTTP URLs in error messages

Summary: VUL-1: CVE-2013-2074: kdelibs4: prints passwords contained in HTTP URLs in er...

Status:	RESOLVED FIXED

Alias:	CVE-2013-2074

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	E-Mail List
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:SUSE:CVE-2013-2074:2.1:(AV:L/...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-05-27 10:33 UTC by Matthias Weckbecker
Modified:	2022-02-17 16:34 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Weckbecker 2013-05-27 10:33:55 UTC

I think I missed this one while I was re-compiling my systems and the lack of
tools due to that.

 "Continue hiding passwords in URLs displayed to the user The fix introduced by
  65d736da missed two usages of url() instead of prettyUrl(). Thanks to Kevin 
  Kofler for spotting those."

https://bugs.kde.org/show_bug.cgi?id=319428

Comment 1 Christian Trippe 2013-09-13 20:02:13 UTC

Fix is already in included in KDE 4.10.5 on openSUSE 12.3.

Comment 2 Per Jessen 2015-11-06 10:48:08 UTC

Dear Matthias,

this version is out of maintenance, if you still see the problem, please reopen
and move the bug to a more recent product.

Comment 3 Andreas Stieger 2015-11-06 10:58:34 UTC

We are keeping this open for the version of kdelibs3 and kdelibs4 included in SLE 11 SP3.

Comment 4 Christophe Marin 2022-02-17 16:34:08 UTC

Fixed long ago