Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs

To: kde-core-devel@kde.org
Cc: Albert Astals Cid <aacid@kde.org>, debian-lts@lists.debian.org, Hugo Lefeuvre <hle@owl.eu.com>
Subject: Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs
From: Sandro Knauß <sknauss@kde.org>
Date: Wed, 20 Mar 2019 18:39:34 +0100
Message-id: <[🔎] 7981975.DGWhRLOS1H@tuxin>
In-reply-to: <[🔎] 9844542.UCWRAzAjMK@xps>
References: <[🔎] 20190319103954.GB1500@behemoth.owl.eu.com.local> <[🔎] 9844542.UCWRAzAjMK@xps>

Hi,

> kdelibs last release was 4.14.35 in August 2017.
> 
> kdelibs is no longer maintained.
> 
> Qt 4 last release was 4.8.7 in May 2015.
> 
> Qt 4 is no longer maintained.
> 
> Our suggestion is to stop using any qt4/kdelibs based software and move to
> the future if you're concerned about security and/or want to use maintained
> software.

It is not that we do not try it, to remove Qt4 from Debian. We try since Aug 
2017 to reach this goal to remove all qt4/kdelibs software, but still there is 
a lot depending on qt4/kdelibs:

https://wiki.debian.org/Qt4Removal

(If you have any notes about status of packages aka dead by upstream - input 
is very welcomed).

In next Debian Buster released in some months we still need to ship qt4/
kdelibs.

Regards,

hefee

Reply to:

References:
- [SECURITY] CVE-2019-7443 (kauth) in kdelibs
  - From: Hugo Lefeuvre <hle@owl.eu.com>
- Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs
  - From: Albert Astals Cid <aacid@kde.org>

Prev by Date: Re: hdf5 undetermined cves
Next by Date: KSK2017 in BIND 9 in Wheezy and Jessie LTS releases?
Previous by thread: Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs
Next by thread: hdf5 undetermined cves
Index(es):
- Date
- Thread