CVE-2017-6410

Priority
Medium
Description
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the
PAC FindProxyForURL function with a full https URL (potentially including
Basic Authentication credentials, a query string, or PATH_INFO), which
allows remote attackers to obtain sensitive information via a crafted PAC
file.
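The exposure described above, as an added example that is not code from kio or kdelibs: a constructed PAC function records the URL it is handed, first unsanitized and then after a hypothetical `sanitizeForPac` helper. The stripping policy (credentials always removed; path and query removed for https) is an assumption modeled on the description, and the host name and URLs are constructed.

```javascript
// Added example. Helper names are hypothetical; sample URL and PAC are constructed.

// Reduce a URL to what a PAC script needs for a routing decision.
function sanitizeForPac(rawUrl) {
  const u = new URL(rawUrl);
  u.username = '';            // never expose Basic Authentication credentials
  u.password = '';
  u.hash = '';
  if (u.protocol === 'https:') {
    u.pathname = '/';         // drop PATH_INFO
    u.search = '';            // drop the query string
  }
  return u.href;
}

// Constructed stand-in for an untrusted PAC file: it sees whatever it is passed.
const seenByPac = [];
function FindProxyForURL(url, host) {
  seenByPac.push(url);
  return 'DIRECT';
}

// Call the PAC function the way a client would, with or without sanitizing.
function resolveProxy(rawUrl, sanitize) {
  const host = new URL(rawUrl).hostname;
  const passed = sanitize ? sanitizeForPac(rawUrl) : rawUrl;
  return { result: FindProxyForURL(passed, host), passed };
}

// Audit check: which sensitive components would a PAC script receive?
function exposedParts(passedUrl) {
  const u = new URL(passedUrl);
  const parts = [];
  if (u.username || u.password) parts.push('credentials');
  if (u.protocol === 'https:' && u.pathname !== '/') parts.push('path');
  if (u.protocol === 'https:' && u.search) parts.push('query');
  return parts;
}

// Constructed sample request URL.
const SAMPLE = 'https://alice:s3cret@intranet.example/reset/tok123?session=abc';
console.log(exposedParts(resolveProxy(SAMPLE, false).passed)); // before sanitizing
console.log(exposedParts(resolveProxy(SAMPLE, true).passed));  // after sanitizing
```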
Package
Source: kio (LP Ubuntu Debian)
Upstream: needed
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (5.18.0-0ubuntu1.1)
Ubuntu 17.04 (Zesty Zapus): released (5.31.0-0ubuntu2)
Package
Upstream: needed
Ubuntu 14.04 LTS (Trusty Tahr): released (4:4.13.3-0ubuntu0.4)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (4:4.14.16-0ubuntu3.1)
Ubuntu 17.04 (Zesty Zapus): released (4:4.14.28-0ubuntu3)

Updated: 2017-08-11 23:55:54 UTC (commit 13081)