Bug#922727: CVE-2019-7443

To: Sandro Knauß <hefee@debian.org>
Cc: Moritz Muehlenhoff <jmm@debian.org>, 922727@bugs.debian.org, Debian Security Team <security@debian.org>
Subject: Bug#922727: CVE-2019-7443
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 20 Mar 2019 19:15:59 +0100
Message-id: <[🔎] 20190320181559.emtdj52v22jhjiz3@inutil.org>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 922727@bugs.debian.org
In-reply-to: <[🔎] 3979171.QU8NWDKXmu@tuxin>
References: <155061464033.24909.14406582171445778810.reportbug@hullmann.westfalen.local> <[🔎] 3979171.QU8NWDKXmu@tuxin> <155061464033.24909.14406582171445778810.reportbug@hullmann.westfalen.local>

On Wed, Mar 20, 2019 at 12:13:56AM +0100, Sandro Knauß wrote:
> Hey,
> 
> > The security bug filed against kauth in #921995 also seems to affect
> > kde4libs, the code is in kdecore/auth/backends/dbus/DBusHelperProxy.cpp?
> 
> yes, it is likely, that also kde4libs is affected. kauth is KDE Frameworks. As 
> the birth of  KDE Frameworks is a split of kdelibs. I think KDE doesn't 
> mention kdelibs as affected,

Shall we cherrypick/backport the patch on our own, then or rather ignore it
given the vast majority of applications uses kf5 now?

> as kdelibs is EOL so not security support by KDE 
> anymore.

Ok, then let's remove the whole KDE4/Qt4 stack for bullseye (I suppose that's
the maintainer's plan anyway?)

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#922727: CVE-2019-7443
  - From: Sandro Knauß <hefee@debian.org>

References:
- Bug#922727: CVE-2019-7443
  - From: Sandro Knauß <hefee@debian.org>

Prev by Date: Qt4 Removal : Trimage
Next by Date: Bug#850778: Plasma reports failure when mounting encrypted disks
Previous by thread: Bug#922727: CVE-2019-7443
Next by thread: Bug#922727: CVE-2019-7443
Index(es):
- Date
- Thread