Fwd: [kdelibs/KDE/4.10] kioslave/http: Don't show passwords contained in HTTP URLs in error messages
Allen Winter
winter at kde.org
Thu May 9 10:29:08 UTC 2013
On Thursday, May 09, 2013 06:06:58 AM Johannes Huber wrote:
> On Wednesday, 8 May 2013, 19:50:03, Allen Winter wrote:
> > Packagers,
> >
> > You might consider hot-patching your kdelibs with this.
> > The code that conceivably might display a user password has been in kdelibs
> > since 2009-07-08. Probably means whatever kdelibs 4.x you are shipping needs
> > this fix.
> >
> >
> > ---------- Forwarded Message ----------
> >
> > Subject: [kdelibs/KDE/4.10] kioslave/http: Don't show passwords contained in
> > HTTP URLs in error messages
> > Date: Wednesday, May 08, 2013, 11:38:51 PM
> > From: Grégory Oestreicher <greg at kamago.net>
> > To: kde-commits at kde.org
> >
> > Git commit 65d736dab592bced4410ccfa4699de89f78c96ca by Grégory Oestreicher.
> > Committed on 08/05/2013 at 23:16.
> > Pushed by goestreicher into branch 'KDE/4.10'.
> >
> > Don't show passwords contained in HTTP URLs in error messages
> > BUG: 319428
> >
> > M +3 -3 kioslave/http/http.cpp
> >
> > http://commits.kde.org/kdelibs/65d736dab592bced4410ccfa4699de89f78c96ca
> >
> > diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp
> > index 2d139a9..129fc7b 100644
> > --- a/kioslave/http/http.cpp
> > +++ b/kioslave/http/http.cpp
> > @@ -3056,7 +3056,7 @@ try_again:
> > ; // Ignore error
> > } else {
> > if (!sendErrorPageNotification()) {
> > - error(ERR_INTERNAL_SERVER, m_request.url.url());
> > + error(ERR_INTERNAL_SERVER, m_request.url.prettyUrl());
> > return false;
> > }
> > }
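Review bot: The ERR_INTERNAL_SERVER call is one of only three error() call sites this patch changes (diffstat +3 -3), so it is worth confirming that no other error(), warning or debug path in kioslave/http/http.cpp still passes m_request.url.url(), since any remaining one would expose the password in the same way. A one-line comment at this call site saying that prettyUrl() is used to keep credentials out of user-visible messages would also stop a later cleanup from switching it back to url().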
> > @@ -3072,9 +3072,9 @@ try_again:
> > // Tell that we will only get an error page here.
> > if (!sendErrorPageNotification()) {
> > if (m_request.responseCode == 403)
> > - error(ERR_ACCESS_DENIED, m_request.url.url());
> > + error(ERR_ACCESS_DENIED, m_request.url.prettyUrl());
> > else
> > - error(ERR_DOES_NOT_EXIST, m_request.url.url());
> > + error(ERR_DOES_NOT_EXIST, m_request.url.prettyUrl());
> > return false;
> > }
> > } else if (m_request.responseCode >= 301 && m_request.responseCode<=
> > 303) {
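Review bot: The ERR_ACCESS_DENIED and ERR_DOES_NOT_EXIST branches change in step, but nothing in the patch exercises them. A regression test that requests a URL of the form http://user:password@host/path against a server answering 403 and 404, and asserts that the resulting error text does not contain the password, would pin the fix down. If prettyUrl() drops only the password, the user name and any query string still reach the error message, which deserves a note in the commit message. As a style point, the unbraced if/else around the two error() calls is easy to break on a later edit, and braces would help.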
> >
> > -----------------------------------------
> > _______________________________________________
> > Kde-packager mailing list
> > Kde-packager at kde.org
> > https://mail.kde.org/mailman/listinfo/kde-packager
>
> Hello Allen,
>
> Thanks for the patch. Is there a CVE for this issue?
>
No. This came about from a normal user bug report 319428 we saw in kdepim a couple days ago.
-Allen
More information about the release-team mailing list