Bug 10037 - Bug fix release for kdelibs4
Summary: Bug fix release for kdelibs4
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 2
Hardware: All Linux
: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: https://bugs.kde.org/show_bug.cgi?id=...
Whiteboard: has_procedure mga2-32-ok mga2-64-ok
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2013-05-09 13:12 CEST by John Balcaen
Modified: 2013-05-11 13:08 CEST (History)
2 users (show)

See Also:
Source RPM: kdelibs4-4.8.5-1.7.mga2.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description John Balcaen 2013-05-09 13:12:11 CEST 
Notification errors messages was providing the username & password in their content which is not a good idea...
The patch added as patch207 in kdelibs4 fix the issue:
src.rpm:
kdelibs4-4.8.5-1.7.mga2.src.rpm

Packages for x86_64 :
kdelibs4-core-4.8.5-1.7.mga2.x86_64.rpm
kdelibs4-debug-4.8.5-1.7.mga2.x86_64.rpm
kdelibs4-devel-4.8.5-1.7.mga2.x86_64.rpm
kdelibs4-handbooks-4.8.5-1.7.mga2.noarch.rpm
lib64kcmutils4-4.8.5-1.7.mga2.x86_64.rpm
lib64kde3support4-4.8.5-1.7.mga2.x86_64.rpm
lib64kdeclarative5-4.8.5-1.7.mga2.x86_64.rpm
lib64kdecore5-4.8.5-1.7.mga2.x86_64.rpm
lib64kdefakes5-4.8.5-1.7.mga2.x86_64.rpm
lib64kdesu5-4.8.5-1.7.mga2.x86_64.rpm
lib64kdeui5-4.8.5-1.7.mga2.x86_64.rpm
lib64kdewebkit5-4.8.5-1.7.mga2.x86_64.rpm
lib64kdnssd4-4.8.5-1.7.mga2.x86_64.rpm
lib64kemoticons4-4.8.5-1.7.mga2.x86_64.rpm
lib64kfile4-4.8.5-1.7.mga2.x86_64.rpm
lib64khtml5-4.8.5-1.7.mga2.x86_64.rpm
lib64kidletime4-4.8.5-1.7.mga2.x86_64.rpm
lib64kimproxy4-4.8.5-1.7.mga2.x86_64.rpm
lib64kio5-4.8.5-1.7.mga2.x86_64.rpm
lib64kjs4-4.8.5-1.7.mga2.x86_64.rpm
lib64kjsapi4-4.8.5-1.7.mga2.x86_64.rpm
lib64kjsembed4-4.8.5-1.7.mga2.x86_64.rpm
lib64kmediaplayer4-4.8.5-1.7.mga2.x86_64.rpm
lib64knewstuff2_4-4.8.5-1.7.mga2.x86_64.rpm
lib64knewstuff3_4-4.8.5-1.7.mga2.x86_64.rpm
lib64knotifyconfig4-4.8.5-1.7.mga2.x86_64.rpm
lib64kntlm4-4.8.5-1.7.mga2.x86_64.rpm
lib64kparts4-4.8.5-1.7.mga2.x86_64.rpm
lib64kprintutils4-4.8.5-1.7.mga2.x86_64.rpm
lib64kpty4-4.8.5-1.7.mga2.x86_64.rpm
lib64krosscore4-4.8.5-1.7.mga2.x86_64.rpm
lib64krossui4-4.8.5-1.7.mga2.x86_64.rpm
lib64ktexteditor4-4.8.5-1.7.mga2.x86_64.rpm
lib64kunitconversion4-4.8.5-1.7.mga2.x86_64.rpm
lib64kunittest4-4.8.5-1.7.mga2.x86_64.rpm
lib64kutils4-4.8.5-1.7.mga2.x86_64.rpm
lib64nepomuk4-4.8.5-1.7.mga2.x86_64.rpm
lib64nepomukquery4-4.8.5-1.7.mga2.x86_64.rpm
lib64nepomukutils4-4.8.5-1.7.mga2.x86_64.rpm
lib64plasma3-4.8.5-1.7.mga2.x86_64.rpm
lib64solid4-4.8.5-1.7.mga2.x86_64.rpm
lib64threadweaver4-4.8.5-1.7.mga2.x86_64.rpm


packages for i586 :
kdelibs4-core-4.8.5-1.7.mga2.i586.rpm
kdelibs4-debug-4.8.5-1.7.mga2.i586.rpm
kdelibs4-devel-4.8.5-1.7.mga2.i586.rpm
kdelibs4-handbooks-4.8.5-1.7.mga2.noarch.rpm
libkcmutils4-4.8.5-1.7.mga2.i586.rpm
libkde3support4-4.8.5-1.7.mga2.i586.rpm
libkdeclarative5-4.8.5-1.7.mga2.i586.rpm
libkdecore5-4.8.5-1.7.mga2.i586.rpm
libkdefakes5-4.8.5-1.7.mga2.i586.rpm
libkdesu5-4.8.5-1.7.mga2.i586.rpm
libkdeui5-4.8.5-1.7.mga2.i586.rpm
libkdewebkit5-4.8.5-1.7.mga2.i586.rpm
libkdnssd4-4.8.5-1.7.mga2.i586.rpm
libkemoticons4-4.8.5-1.7.mga2.i586.rpm
libkfile4-4.8.5-1.7.mga2.i586.rpm
libkhtml5-4.8.5-1.7.mga2.i586.rpm
libkidletime4-4.8.5-1.7.mga2.i586.rpm
libkimproxy4-4.8.5-1.7.mga2.i586.rpm
libkio5-4.8.5-1.7.mga2.i586.rpm
libkjs4-4.8.5-1.7.mga2.i586.rpm
libkjsapi4-4.8.5-1.7.mga2.i586.rpm
libkjsembed4-4.8.5-1.7.mga2.i586.rpm
libkmediaplayer4-4.8.5-1.7.mga2.i586.rpm
libknewstuff2_4-4.8.5-1.7.mga2.i586.rpm
libknewstuff3_4-4.8.5-1.7.mga2.i586.rpm
libknotifyconfig4-4.8.5-1.7.mga2.i586.rpm
libkntlm4-4.8.5-1.7.mga2.i586.rpm
libkparts4-4.8.5-1.7.mga2.i586.rpm
libkprintutils4-4.8.5-1.7.mga2.i586.rpm
libkpty4-4.8.5-1.7.mga2.i586.rpm
libkrosscore4-4.8.5-1.7.mga2.i586.rpm
libkrossui4-4.8.5-1.7.mga2.i586.rpm
libktexteditor4-4.8.5-1.7.mga2.i586.rpm
libkunitconversion4-4.8.5-1.7.mga2.i586.rpm
libkunittest4-4.8.5-1.7.mga2.i586.rpm
libkutils4-4.8.5-1.7.mga2.i586.rpm
libnepomuk4-4.8.5-1.7.mga2.i586.rpm
libnepomukquery4-4.8.5-1.7.mga2.i586.rpm
libnepomukutils4-4.8.5-1.7.mga2.i586.rpm
libplasma3-4.8.5-1.7.mga2.i586.rpm
libsolid4-4.8.5-1.7.mga2.i586.rpm
libthreadweaver4-4.8.5-1.7.mga2.i586.rpm

Kde bug url : 
https://bugs.kde.org/show_bug.cgi?id=319428

Proposal of advisory
" Code available in the kioslave http was displaying in error message the password used in http url, this update fix the issue.
You can read https://bugs.kde.org/show_bug.cgi?id=319428 for more information. "



Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2013-05-10 13:21:21 CEST 
No real PoC so just testing with KDE applications.

Testing complete mga2 32 with digikam, gwenview, dragon player, konversation, kcalc, kwrite
Comment 2 claire robinson 2013-05-10 15:00:34 CEST 
Testing complete mga2 64

No regressions noticed.

Validating

Advisory and srpm in comment 0

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Comment 3 Thomas Backlund 2013-05-10 20:29:12 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0145
Comment 4 Thomas Backlund 2013-05-11 13:08:15 CEST 
CVE link added to advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2074
Note You need to log in before you can comment on or make changes to this bug.