The upstream fixes mentioned in [1] appear to have gone into 4.10.4.
Looking at the Debian source [2] for the package in Sid, ie 4.10.5 shows
the fixes included.
So why does CVE-2013-2074 [3] show sid as vulnerable?
[1] https://bugs.kde.org/show_bug.cgi?id=319428
[2] http://sources.debian.net/src/kde4libs/4:4.10.5-1/kioslave/http/http.cpp
[3] https://security-tracker.debian.org/tracker/CVE-2013-2074
--
To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/521a7bbb.9050...@elfringham.co.uk
