Summary: | kde-base/kdebase: Konqueror SMB share password disclosure
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Luke Macken (RETIRED) <lewk>
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
Priority: | High
CC: | kde, m.debruijne
Version: | unspecified
Hardware: | All
OS: | All
URL: | http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html
Whiteboard: | B4 [glsa] jaervosz
Runtime testing required: | ---

Description
Luke Macken (RETIRED)
2004-11-29 04:45:41 UTC
Confirmed. CC'ing maintainer and waiting for upstream.

Created attachment 45520 [details]
Draft Advisory

Ahem. I thought security bugs like this were private - why is it being CCed to so many different people when I attached a patch?

Because it was public since November 29. Didn't include the reference initially as the web archive is a bit behind. If it is a restricted bug it is clearly noted under the comment window and you're most likely CC'ed directly and not via the kde alias.

Created attachment 45522 [details, diff]
3.3.1 kdebase smb fix
Created attachment 45523 [details, diff]
3.3.1 kdelibs kthml fix
Created attachment 45524 [details, diff]
3.3.1 kdelibs kio fix
Created attachment 45525 [details, diff]
3.3.2 kdelibs kio fix
Created attachment 45526 [details, diff]
3.2.3 kdebase smb fix
Created attachment 45527 [details, diff]
3.2.3 kdelibs html fix
Created attachment 45528 [details, diff]
3.2.3 kdelibs kio fix

I will plan to address these patches once the kde folks say that they are happy with the extent of them.

The advisory has been made public.

kdelibs 3.3.2 already has the fix in portage, so no revision is necessary. kde{base,libs} 3.3.1 and 3.2.3 will receive the fixes in a little bit. I will advise what to do next once I get the fixes in portage.

kdelibs and kdebase fixes should be in portage soon.

Fixed versions:
kdelibs-3.2.3-r3
kdelibs-3.3.1-r1
kdelibs-3.3.2 (still unstable on all arches)
kdebase-3.2.3-r2
kdebase-3.3.1-r1
kdebase-3.3.2

I left the stable arches the same for the rev bump as the patches are very unobtrusive.

It looks to me like mips and ppc64 are the only arches without a stable solution to migrate to.

Fixed with bug 73869, apparently ready for a GLSA.

GLSA 200412-16