
Bug#921995: marked as done (kauth: Insecure handling of arguments in helpers)



Your message dated Mon, 11 Feb 2019 06:37:36 +0000
with message-id <E1gt5Dl-000CYM-02@fasolo.debian.org>
and subject line Bug#921995: fixed in kauth 5.54.0-2
has caused the Debian Bug report #921995,
regarding kauth: Insecure handling of arguments in helpers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
921995: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921995
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: src:kauth
Version: 5.28.0-2
Severity: grave
Tags: security upstream patch
Justification: user security hole

See the KDE announce list [1].  It includes reference to a fix [2].  This is
CVE-2019-7443.

Scott K


[1] https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
[2] https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a

--- End Message ---
--- Begin Message ---
Source: kauth
Source-Version: 5.54.0-2

We believe that the bug you reported is fixed in the latest version of
kauth, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921995@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <scott@kitterman.com> (supplier of updated kauth package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 10 Feb 2019 23:22:23 -0500
Source: kauth
Architecture: source
Version: 5.54.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Closes: 921995
Changes:
 kauth (5.54.0-2) unstable; urgency=high
 .
   * Team upload.
   * SECURITY UPDATE:
   * References:
     - CVE-2019-7443
     - https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
   * Remove support for passing gui QVariants to KAuth helpers (Closes:
     #921995)


--- End Message ---
