[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs

El dimarts, 19 de març de 2019, a les 11:39:54 CET, Hugo Lefeuvre va escriure:
> Hi,
> I'm Hugo Lefeuvre, from the Debian LTS team. I am currently working on
> CVE-2019-7443 which appears to affect not only kauth but also kdelibs
> since it ships a very similar kdecore/auth/backends/dbus/DBusHelperProxy.cpp
> file[0].
> As far as I am aware the fix for CVE-2019-7443 was not applied to
> kdelibs. Is there a specific reason for that? Do you plan addressing this
> potential vulnerability in kdelibs as well?

kdelibs last release was 4.14.35 in August 2017.

kdelibs is no longer maintained. 

Qt 4 last release was 4.8.7 in May 2015.

Qt 4 is no longer maintained. 

Our suggestion is to stop using any qt4/kdelibs based software and move to the future if you're concerned about security and/or want to use maintained software.

Best Regards,

> CC-ing publicly-archived debian-lts@lists.debian.org
> regards,
> Hugo Lefeuvre
> [0] https://bugs.debian.org/922727

Reply to: