Bug#922727: CVE-2019-7443

To: Moritz Muehlenhoff <jmm@debian.org>, 922727@bugs.debian.org, Debian Security Team <security@debian.org>
Subject: Bug#922727: CVE-2019-7443
From: Sandro Knauß <hefee@debian.org>
Date: Wed, 20 Mar 2019 00:13:56 +0100
Message-id: <[🔎] 3979171.QU8NWDKXmu@tuxin>
Reply-to: Sandro Knauß <hefee@debian.org>, 922727@bugs.debian.org
In-reply-to: <155061464033.24909.14406582171445778810.reportbug@hullmann.westfalen.local>
References: <155061464033.24909.14406582171445778810.reportbug@hullmann.westfalen.local> <155061464033.24909.14406582171445778810.reportbug@hullmann.westfalen.local>

Hey,

> The security bug filed against kauth in #921995 also seems to affect
> kde4libs, the code is in kdecore/auth/backends/dbus/DBusHelperProxy.cpp?

yes, it is likely, that also kde4libs is affected. kauth is KDE Frameworks. As 
the birth of  KDE Frameworks is a split of kdelibs. I think KDE doesn't 
mention kdelibs as affected, as kdelibs is EOL so not security support by KDE 
anymore.

(Only in Debian kdelibs was renamed to kde4libs, as there were package name 
conflicts. That's why I'm normally talking about kdelibs.)

hefee

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Bug#922727: CVE-2019-7443
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Bug#924959: marked as done (qtcreator: Probably missing qtdeclarative5-dev dependency)
Next by Date: Bug#925122: qtbase-opensource-src-gles: fails to clean after build
Previous by thread: Bug#925025: kate: Crash on file open dialog -> change directory
Next by thread: Bug#922727: CVE-2019-7443
Index(es):
- Date
- Thread