CVE-2014-3494

NameCVE-2014-3494
Descriptionkio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs752052

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kde4libs (PTS)jessie4:4.14.2-5+deb8u2fixed
jessie (security)4:4.14.2-5+deb8u3fixed
stretch4:4.14.26-2fixed
buster4:4.14.38-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kde4libssource(unstable)4:4.13.3-1752052
kde4libssourcesqueeze(not affected)
kde4libssourcewheezy(not affected)

Notes

[wheezy] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2)
[squeeze] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2)
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f

Search for package or bug name: Reporting problems