Bug#934268: marked as done (kde4libs: CVE-2019-14744)

To: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Subject: Bug#934268: marked as done (kde4libs: CVE-2019-14744)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 25 Aug 2019 15:39:00 +0000
Message-id: <[🔎] handler.934268.D934268.1566747278926.ackdone@bugs.debian.org>
Reply-to: 934268@bugs.debian.org
References: <E1i1uXD-000HxJ-7D@fasolo.debian.org> <[🔎] 156529976563.26833.17857163395878241862.reportbug@eldamar.local>

Your message dated Sun, 25 Aug 2019 15:34:27 +0000
with message-id <E1i1uXD-000HxJ-7D@fasolo.debian.org>
and subject line Bug#935666: Removed package(s) from unstable
has caused the Debian Bug report #934268,
regarding kde4libs: CVE-2019-14744
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
934268: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934268
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kconfig: CVE-2019-14744
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 08 Aug 2019 23:29:25 +0200
Message-id: <[🔎] 156529976563.26833.17857163395878241862.reportbug@eldamar.local>

Source: kconfig
Version: 5.54.0-1
Severity: grave
Tags: patch security upstream
Justification: user security hole
Control: found -1 5.28.0-2
Control: clone -1 -2
Control: reassign -2 src:kde4libs 4:4.14.38-3
Control: retitle -2 kde4libs: CVE-2019-14744
Control: found -2 4:4.14.26-2

Hi,

The following vulnerability was published for kconfig.

CVE-2019-14744[0]:
| In KDE Frameworks KConfig before 5.61.0, malicious desktop files and
| configuration files lead to code execution with minimal user
| interaction. This relates to libKF5ConfigCore.so, and the mishandling
| of .desktop and .directory files, as demonstrated by a shell command
| on an Icon line in a .desktop file.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14744
[1] https://kde.org/info/security/advisory-20190807-1.txt
[2] https://cgit.kde.org/kconfig.git/commit/?id=5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22
[3] https://cgit.kde.org/kdelibs.git/commit/?id=2c3762feddf7e66cf6b64d9058f625a715694a00

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

To: 514542-done@bugs.debian.org,525362-done@bugs.debian.org,525599-done@bugs.debian.org,526979-done@bugs.debian.org,529572-done@bugs.debian.org,531007-done@bugs.debian.org,531412-done@bugs.debian.org,533050-done@bugs.debian.org,535702-done@bugs.debian.org,540850-done@bugs.debian.org,544149-done@bugs.debian.org,561758-done@bugs.debian.org,571047-done@bugs.debian.org,578701-done@bugs.debian.org,582568-done@bugs.debian.org,622332-done@bugs.debian.org,643726-done@bugs.debian.org,655239-done@bugs.debian.org,657928-done@bugs.debian.org,697763-done@bugs.debian.org,703724-done@bugs.debian.org,705741-done@bugs.debian.org,705743-done@bugs.debian.org,710299-done@bugs.debian.org,721311-done@bugs.debian.org,723092-done@bugs.debian.org,723832-done@bugs.debian.org,728523-done@bugs.debian.org,741564-done@bugs.debian.org,745556-done@bugs.debian.org,749577-done@bugs.debian.org,755241-done@bugs.debian.org,757069-done@bugs.debian.org,757458-done@bugs.debian.org,760412-done@bugs.debian.org,761251-done@bu gs.debian.org,772131-done@bugs.debian.org,774030-done@bugs.debian.org,779276-done@bugs.debian.org,780400-done@bugs.debian.org,781769-done@bugs.debian.org,783371-done@bugs.debian.org,783844-done@bugs.debian.org,784479-done@bugs.debian.org,808408-done@bugs.debian.org,821289-done@bugs.debian.org,829144-done@bugs.debian.org,835916-done@bugs.debian.org,842408-done@bugs.debian.org,860270-done@bugs.debian.org,874945-done@bugs.debian.org,891254-done@bugs.debian.org,908588-done@bugs.debian.org,913741-done@bugs.debian.org,914212-done@bugs.debian.org,922727-done@bugs.debian.org,925724-done@bugs.debian.org,934268-done@bugs.debian.org,

Cc: kde4libs@packages.debian.org

Subject: Bug#935666: Removed package(s) from unstable

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Date: Sun, 25 Aug 2019 15:34:27 +0000

Message-id: <E1i1uXD-000HxJ-7D@fasolo.debian.org>
Version: 4:4.14.38-4+rm

Dear submitter,

as the package kde4libs has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/935666

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---

Reply to:

References:
- Bug#934267: kconfig: CVE-2019-14744
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#922727: marked as done (CVE-2019-7443)
Next by Date: Bug#925724: marked as done (kde4libs: ftbfs with GCC-9)
Previous by thread: Bug#934267: marked as done (kconfig: CVE-2019-14744)
Next by thread: Processed: fixed 934267 in 5.28.0-2+deb9u1
Index(es):
- Date
- Thread