Notification errors messages was providing the username & password in their content which is not a good idea... The patch added as patch207 in kdelibs4 fix the issue: src.rpm: kdelibs4-4.8.5-1.7.mga2.src.rpm Packages for x86_64 : kdelibs4-core-4.8.5-1.7.mga2.x86_64.rpm kdelibs4-debug-4.8.5-1.7.mga2.x86_64.rpm kdelibs4-devel-4.8.5-1.7.mga2.x86_64.rpm kdelibs4-handbooks-4.8.5-1.7.mga2.noarch.rpm lib64kcmutils4-4.8.5-1.7.mga2.x86_64.rpm lib64kde3support4-4.8.5-1.7.mga2.x86_64.rpm lib64kdeclarative5-4.8.5-1.7.mga2.x86_64.rpm lib64kdecore5-4.8.5-1.7.mga2.x86_64.rpm lib64kdefakes5-4.8.5-1.7.mga2.x86_64.rpm lib64kdesu5-4.8.5-1.7.mga2.x86_64.rpm lib64kdeui5-4.8.5-1.7.mga2.x86_64.rpm lib64kdewebkit5-4.8.5-1.7.mga2.x86_64.rpm lib64kdnssd4-4.8.5-1.7.mga2.x86_64.rpm lib64kemoticons4-4.8.5-1.7.mga2.x86_64.rpm lib64kfile4-4.8.5-1.7.mga2.x86_64.rpm lib64khtml5-4.8.5-1.7.mga2.x86_64.rpm lib64kidletime4-4.8.5-1.7.mga2.x86_64.rpm lib64kimproxy4-4.8.5-1.7.mga2.x86_64.rpm lib64kio5-4.8.5-1.7.mga2.x86_64.rpm lib64kjs4-4.8.5-1.7.mga2.x86_64.rpm lib64kjsapi4-4.8.5-1.7.mga2.x86_64.rpm lib64kjsembed4-4.8.5-1.7.mga2.x86_64.rpm lib64kmediaplayer4-4.8.5-1.7.mga2.x86_64.rpm lib64knewstuff2_4-4.8.5-1.7.mga2.x86_64.rpm lib64knewstuff3_4-4.8.5-1.7.mga2.x86_64.rpm lib64knotifyconfig4-4.8.5-1.7.mga2.x86_64.rpm lib64kntlm4-4.8.5-1.7.mga2.x86_64.rpm lib64kparts4-4.8.5-1.7.mga2.x86_64.rpm lib64kprintutils4-4.8.5-1.7.mga2.x86_64.rpm lib64kpty4-4.8.5-1.7.mga2.x86_64.rpm lib64krosscore4-4.8.5-1.7.mga2.x86_64.rpm lib64krossui4-4.8.5-1.7.mga2.x86_64.rpm lib64ktexteditor4-4.8.5-1.7.mga2.x86_64.rpm lib64kunitconversion4-4.8.5-1.7.mga2.x86_64.rpm lib64kunittest4-4.8.5-1.7.mga2.x86_64.rpm lib64kutils4-4.8.5-1.7.mga2.x86_64.rpm lib64nepomuk4-4.8.5-1.7.mga2.x86_64.rpm lib64nepomukquery4-4.8.5-1.7.mga2.x86_64.rpm lib64nepomukutils4-4.8.5-1.7.mga2.x86_64.rpm lib64plasma3-4.8.5-1.7.mga2.x86_64.rpm lib64solid4-4.8.5-1.7.mga2.x86_64.rpm lib64threadweaver4-4.8.5-1.7.mga2.x86_64.rpm packages for i586 : kdelibs4-core-4.8.5-1.7.mga2.i586.rpm kdelibs4-debug-4.8.5-1.7.mga2.i586.rpm kdelibs4-devel-4.8.5-1.7.mga2.i586.rpm kdelibs4-handbooks-4.8.5-1.7.mga2.noarch.rpm libkcmutils4-4.8.5-1.7.mga2.i586.rpm libkde3support4-4.8.5-1.7.mga2.i586.rpm libkdeclarative5-4.8.5-1.7.mga2.i586.rpm libkdecore5-4.8.5-1.7.mga2.i586.rpm libkdefakes5-4.8.5-1.7.mga2.i586.rpm libkdesu5-4.8.5-1.7.mga2.i586.rpm libkdeui5-4.8.5-1.7.mga2.i586.rpm libkdewebkit5-4.8.5-1.7.mga2.i586.rpm libkdnssd4-4.8.5-1.7.mga2.i586.rpm libkemoticons4-4.8.5-1.7.mga2.i586.rpm libkfile4-4.8.5-1.7.mga2.i586.rpm libkhtml5-4.8.5-1.7.mga2.i586.rpm libkidletime4-4.8.5-1.7.mga2.i586.rpm libkimproxy4-4.8.5-1.7.mga2.i586.rpm libkio5-4.8.5-1.7.mga2.i586.rpm libkjs4-4.8.5-1.7.mga2.i586.rpm libkjsapi4-4.8.5-1.7.mga2.i586.rpm libkjsembed4-4.8.5-1.7.mga2.i586.rpm libkmediaplayer4-4.8.5-1.7.mga2.i586.rpm libknewstuff2_4-4.8.5-1.7.mga2.i586.rpm libknewstuff3_4-4.8.5-1.7.mga2.i586.rpm libknotifyconfig4-4.8.5-1.7.mga2.i586.rpm libkntlm4-4.8.5-1.7.mga2.i586.rpm libkparts4-4.8.5-1.7.mga2.i586.rpm libkprintutils4-4.8.5-1.7.mga2.i586.rpm libkpty4-4.8.5-1.7.mga2.i586.rpm libkrosscore4-4.8.5-1.7.mga2.i586.rpm libkrossui4-4.8.5-1.7.mga2.i586.rpm libktexteditor4-4.8.5-1.7.mga2.i586.rpm libkunitconversion4-4.8.5-1.7.mga2.i586.rpm libkunittest4-4.8.5-1.7.mga2.i586.rpm libkutils4-4.8.5-1.7.mga2.i586.rpm libnepomuk4-4.8.5-1.7.mga2.i586.rpm libnepomukquery4-4.8.5-1.7.mga2.i586.rpm libnepomukutils4-4.8.5-1.7.mga2.i586.rpm libplasma3-4.8.5-1.7.mga2.i586.rpm libsolid4-4.8.5-1.7.mga2.i586.rpm libthreadweaver4-4.8.5-1.7.mga2.i586.rpm Kde bug url : https://bugs.kde.org/show_bug.cgi?id=319428 Proposal of advisory " Code available in the kioslave http was displaying in error message the password used in http url, this update fix the issue. You can read https://bugs.kde.org/show_bug.cgi?id=319428 for more information. " Reproducible: Steps to Reproduce:
No real PoC so just testing with KDE applications. Testing complete mga2 32 with digikam, gwenview, dragon player, konversation, kcalc, kwrite
Whiteboard: (none) => has_procedure mga2-32-ok
Testing complete mga2 64 No regressions noticed. Validating Advisory and srpm in comment 0 Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateWhiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok mga2-64-okCC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0145
Status: NEW => RESOLVEDCC: (none) => tmbComponent: RPM Packages => SecurityResolution: (none) => FIXED
CVE link added to advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2074