[SECURITY] CVE-2019-7443 (kauth) in kdelibs

To: kde-core-devel@kde.org
Cc: debian-lts@lists.debian.org
Subject: [SECURITY] CVE-2019-7443 (kauth) in kdelibs
From: Hugo Lefeuvre <hle@owl.eu.com>
Date: Tue, 19 Mar 2019 11:39:54 +0100
Message-id: <[🔎] 20190319103954.GB1500@behemoth.owl.eu.com.local>

Hi,

I'm Hugo Lefeuvre, from the Debian LTS team. I am currently working on
CVE-2019-7443 which appears to affect not only kauth but also kdelibs
since it ships a very similar kdecore/auth/backends/dbus/DBusHelperProxy.cpp
file[0].

As far as I am aware the fix for CVE-2019-7443 was not applied to
kdelibs. Is there a specific reason for that? Do you plan addressing this
potential vulnerability in kdelibs as well?

CC-ing publicly-archived debian-lts@lists.debian.org

regards,
Hugo Lefeuvre

[0] https://bugs.debian.org/922727

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs
  - From: Albert Astals Cid <aacid@kde.org>

Prev by Date: Re: DLAs in the website: some updates and issues
Next by Date: hdf5 undetermined cves
Previous by thread: Jessie update of glib2.0?
Next by thread: Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs
Index(es):
- Date
- Thread