Version: 1.4.2 (using 4.2.2 (KDE 4.2.2), Debian packages) Compiler: cc OS: Linux (i686) release 2.6.29-1-686 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521298 521298@bugs.debian.org I confirm this behavior is still present in 4.2.2. From: Sebastian Niehaus <niehaus@web.de> To: Debian Bug Tracking System <submit@bugs.debian.org> Subject: akregator exposes password of password protected blogs Date: Thu, 26 Mar 2009 16:04:33 +0100 Package: akregator Version: 4:3.5.9-5 Severity: important I subscribed to a password protected blog using a feed URL like this one: http://user:password@passwordprotected-blog.example.com/blog/index.rss Under $HOME/.kde/share/apps/akregator/Archive/ akregator creates a file, the name containing not only the feed URL but also the username and password This may expose passwords to other users of the box. -- System Information: Debian Release: 5.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages akregator depends on: ii kdelibs4c2a 4:3.5.10.dfsg.1-0lenny1 core libraries and binaries for al ii libc6 2.7-18 GNU C Library: Shared libraries ii libgcc1 1:4.3.2-1.1 GCC support library ii libkdepim1a 4:3.5.9-5 KDE PIM library ii libqt3-mt 3:3.3.8b-5+b1 Qt GUI Library (Threaded runtime v ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3 akregator recommends no packages. akregator suggests no packages. -- no debconf information
This bug has only been reported for versions before 4.14, which have been unsupported for at least two years now. Can anyone tell if this bug still present? If noone confirms this bug for a Framework-based version of akregator (version 5.0 or later, as part of KDE Applications 15.08 or later), it gets closed in about three months.
Just as announced in my last comment, I close this bug. If you encounter it again in a recent version (at least 5.0 aka 15.08), please open a new one unless it already exists. Thank you for all your input.