Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs
El dimarts, 19 de març de 2019, a les 11:39:54 CET, Hugo Lefeuvre va escriure:
> I'm Hugo Lefeuvre, from the Debian LTS team. I am currently working on
> CVE-2019-7443 which appears to affect not only kauth but also kdelibs
> since it ships a very similar kdecore/auth/backends/dbus/DBusHelperProxy.cpp
> As far as I am aware the fix for CVE-2019-7443 was not applied to
> kdelibs. Is there a specific reason for that? Do you plan addressing this
> potential vulnerability in kdelibs as well?
kdelibs last release was 4.14.35 in August 2017.
kdelibs is no longer maintained.
Qt 4 last release was 4.8.7 in May 2015.
Qt 4 is no longer maintained.
Our suggestion is to stop using any qt4/kdelibs based software and move to the future if you're concerned about security and/or want to use maintained software.
> CC-ing publicly-archived firstname.lastname@example.org
> Hugo Lefeuvre
>  https://bugs.debian.org/922727