Re: Fwd: Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs
On Sunday, March 24, 2019 12:05:40 AM CEST Sandro Knauß wrote:
> FreeBSD removed Qt4 compelty last weekend from their repo.
I've perused the list there,
I'm pretty sure I won't be missing anything.
We should try it.
> ---------- Forwarded Message ----------
> Subject: Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs
> Date: Samstag, 23. März 2019, 22:54:08 CET
> From: Tobias C. Berner
> To: Sandro Knauß, Adriaan de Groot
> Moin moin
> On FreeBSD we just solved this be removing that stuff too
> [KDE4 and things depending on it was removed 2018-12-31, Qt4 last weekend.]
> I was kind of scared of having a big backlash to this action -- though
> there was none in the end.
> So as an advice from kde@FreeBSD's side: just pull the plug and remove that
> stuff :)
> mfg Tobias
> On Sat, 23 Mar 2019 at 12:35, Sandro Knauß wrote:
> > Hi,
> > > kdelibs last release was 4.14.35 in August 2017.
> > >
> > > kdelibs is no longer maintained.
> > >
> > > Qt 4 last release was 4.8.7 in May 2015.
> > >
> > > Qt 4 is no longer maintained.
> > >
> > > Our suggestion is to stop using any qt4/kdelibs based software and move
> > to
> > > the future if you're concerned about security and/or want to use
> > maintained
> > > software.
> > It is not that we do not try it, to remove Qt4 from Debian. We try since
> > Aug
> > 2017 to reach this goal to remove all qt4/kdelibs software, but still
> > there is
> > a lot depending on qt4/kdelibs:
> > https://wiki.debian.org/Qt4Removal
> > (If you have any notes about status of packages aka dead by upstream -
> > input
> > is very welcomed).
> > In next Debian Buster released in some months we still need to ship qt4/
> > kdelibs.
> > Regards,
> > hefee