PublicDateAtUSN: 2017-03-02
Candidate: CVE-2017-6410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
https://www.kde.org/info/security/advisory-20170228-1.txt
https://usn.ubuntu.com/usn/usn-3223-1
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the
PAC FindProxyForURL function with a full https URL (potentially including
Basic Authentication credentials, a query string, or PATH_INFO), which
allows remote attackers to obtain sensitive information via a crafted PAC
https://launchpad.net/bugs/1668871
Discovered-by: Itzik Kotler, Yonatan Fridburg, and Amit Klein
vivid/stable-phone-overlay_kio: DNE
vivid/ubuntu-core_kio: DNE
xenial_kio: released (5.18.0-0ubuntu1.1)
yakkety_kio: released (5.26.0-0ubuntu2.1)
devel_kio: released (5.31.0-0ubuntu2)
upstream_kde4libs: needed
precise_kde4libs: released (4:4.8.5-0ubuntu0.6)
trusty_kde4libs: released (4:4.13.3-0ubuntu0.4)
vivid/stable-phone-overlay_kde4libs: DNE
vivid/ubuntu-core_kde4libs: DNE
xenial_kde4libs: released (4:4.14.16-0ubuntu3.1)
yakkety_kde4libs: released (4:4.14.22-0ubuntu2.1)
devel_kde4libs: released (4:4.14.28-0ubuntu3)