kdelibs, kdelibs-crypto - several vulnerabilities

Two vulnerabilities were discovered in kdelibs:

• CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not
  remove authentication credentials from URLs of the
  “user:password@host” form in the HTTP-Referer header, which could
  allow remote web sites to steal the credentials for pages that link
  to the sites.
• CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier does not
  validate the Common Name (CN) field for X.509 Certificates, which
  could allow remote attackers to spoof certificates via a
  man-in-the-middle attack.

These vulnerabilities are described in the following security
advisories from KDE:

For the current stable distribution (woody) these problems have been
fixed in version 2.2.2-13.woody.8 of kdelibs and 2.2.2-6woody2 of
kdelibs-crypto.

For the unstable distribution (sid) these problems have been fixed in
kdelibs version 4:3.1.3-1. The unstable distribution does not contain
a separate kdelibs-crypto package.

We recommend that you update your kdelibs and kdelibs-crypto
packages.