Bug#922727: CVE-2019-7443

To: Moritz Muehlenhoff <jmm@debian.org>
Cc: 922727@bugs.debian.org, Debian Security Team <security@debian.org>
Subject: Bug#922727: CVE-2019-7443
From: Sandro Knauß <hefee@debian.org>
Date: Wed, 20 Mar 2019 21:45:14 +0100
Message-id: <[🔎] 1647053.GznNHEbjSg@tuxin>
Reply-to: Sandro Knauß <hefee@debian.org>, 922727@bugs.debian.org
In-reply-to: <[🔎] 20190320181559.emtdj52v22jhjiz3@inutil.org>
References: <155061464033.24909.14406582171445778810.reportbug@hullmann.westfalen.local> <[🔎] 3979171.QU8NWDKXmu@tuxin> <[🔎] 20190320181559.emtdj52v22jhjiz3@inutil.org> <155061464033.24909.14406582171445778810.reportbug@hullmann.westfalen.local>

Hey,

> Shall we cherrypick/backport the patch on our own, then or rather ignore it
> given the vast majority of applications uses kf5 now?

I would recommend to cherrypick/backport. I think the base hasn't changed a 
lot, so it will be easy to backport. Unfortunately we sill have several 
applications that are using kde4libs.

> > as kdelibs is EOL so not security support by KDE
> > anymore.
> 
> Ok, then let's remove the whole KDE4/Qt4 stack for bullseye (I suppose
> that's the maintainer's plan anyway?)

Yeah this was the plan for Buster already:

https://wiki.debian.org/Qt4Removal

at least we hardy reached a sub goal for Buster:

https://wiki.debian.org/Qt4WebKitRemoval

hefee

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- Bug#922727: CVE-2019-7443
  - From: Sandro Knauß <hefee@debian.org>
- Bug#922727: CVE-2019-7443
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Bug#917107: qtwayland-opensource-src: Check if CMake files for plugins need to be removed
Next by Date: kdepim-runtime_18.08.3-2_source.changes ACCEPTED into unstable
Previous by thread: Bug#922727: CVE-2019-7443
Next by thread: Bug#925122: qtbase-opensource-src-gles: fails to clean after build
Index(es):
- Date
- Thread