[SECURITY] Fedora 18 Update: kdelibs3-3.5.10-53.fc18

updates at fedoraproject.org updates at fedoraproject.org
Wed May 29 00:58:25 UTC 2013 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-8717
2013-05-21 07:04:51
--------------------------------------------------------------------------------

Name        : kdelibs3
Product     : Fedora 18
Version     : 3.5.10
Release     : 53.fc18
URL         : http://www.kde.org/
Summary     : KDE 3 Libraries
Description :
Libraries for KDE 3:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

--------------------------------------------------------------------------------
Update Information:

This update fixes a low-impact security issue in the KDE 3 compatibility (kdelibs3) version of kio_http where it would print passwords contained in HTTP URLs in error and debugging messages (CVE-2013-2074).
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 18 2013 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.5.10-53
- fix CVE-2013-2074 (passwords in HTTP URLs in error messages, #962001)
* Mon Apr  1 2013 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.5.10-52
- use automake --force-missing to get aarch64 support (#925029/#925627)
- also use automake --copy (the default is symlinking)
* Sun Mar 10 2013 Rex Dieter <rdieter at fedoraproject.org> - 3.5.10-51
- rebuild (OpenEXR)
* Sat Mar  9 2013 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.5.10-50
- drop branding hack which breaks kde-config --kde-version
* Sat Mar  9 2013 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.5.10-49
- unify KDE 3 autotools fixes between packages
* Thu Mar  7 2013 Than Ngo <than at redhat.com> - 3.5.10-48
- fix build failture
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.5.10-47
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 3.5.10-46
- rebuild due to "jpeg8-ABI" feature drop
* Tue Dec 25 2012 Kevin Kofler <Kevin at tigcc.ticalc.org> 3.5.10-45
- drop CUPS conditionals, CUPS support must always be built
- backport CUPS 1.6 build fixes from Trinity / Timothy Pearson
* Fri Dec 21 2012 Rex Dieter <rdieter at fedoraproject.org> 3.5.10-44
- disable cups support on f19+ (for now, needs lots 'o love)
* Fri Dec 21 2012 Adam Tkac <atkac redhat com> - 3.5.10-43
- rebuild against new libjpeg
* Thu Dec 20 2012 Rex Dieter <rdieter at fedoraproject.org> 3.5.10-42
- omit ktelnetservice (in favor of kdelibs4's copy)
* Thu Dec  6 2012 Kevin Kofler <Kevin at tigcc.ticalc.org> 3.5.10-41
- omit cupsdconf (F19+), FTBFS with the latest CUPS and not worth fixing
* Tue Dec  4 2012 Rex Dieter <rdieter at fedoraproject.org> 3.5.10-40
- kate has a file conflict with kdelibs3 (#883529)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #961981 - CVE-2013-2074 kdelibs: prints passwords contained in HTTP URLs in error messages
        https://bugzilla.redhat.com/show_bug.cgi?id=961981
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kdelibs3' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list