The upstream fixes mentioned in [1] appear to have gone into 4.10.4.
Looking at the Debian source [2] for the package in Sid, ie 4.10.5 shows
the fixes included.
So why does CVE-2013-2074 [3] show sid as vulnerable?
[1] https://bugs.kde.org/show_bug.cgi?id=319428
[2] http://sources.debian.net/src/kde4libs/4:4.10.5-1/kioslave/http/http.cpp
[3] https://security-tracker.debian.org/tracker/CVE-2013-2074
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
