{ "schema_version": "1.7.0", "id": "MGASA-2015-0044", "published": "2015-01-31T13:23:52Z", "modified": "2015-01-31T13:13:14Z", "summary": "Updated kdebase4-runtime packages fix CVE-2013-7252 and several bugs", "details": "Updated kdebase4-runtime packages fix security vulnerability:\n\nkwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB\nmode instead of CBC mode when encrypting the password store, which makes it\neasier for attackers to guess passwords via a codebook attack (CVE-2013-7252).\n\nThis update also fixes some additional issues:\n- encoding in KDEsuDialog (mga#14851)\n- kio_sftp can corrupts files when reading (bko#342391)\n- use euro currency for Lithuania\n- save the default file manager, email client and browser in mimeapps.list\n [Default Applications] for a better interoperability with most of GTK\n applications (mga#4461)\n", "upstream": [ "CVE-2013-7252" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2015-0044.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=14997" }, { "type": "ADVISORY", "url": "https://www.kde.org/info/security/advisory-20150109-1.txt" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148090.html" }, { "type": "REPORT", "url": "https://bugs.kde.org/show_bug.cgi?id=342391" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=14851" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=4461" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "kdebase4-runtime", "purl": "pkg:rpm/mageia/kdebase4-runtime?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.12.5-1.3.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }