[SECURITY] [DSA 6299-1] kdenlive security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6299-1] kdenlive security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 26 May 2026 21:08:24 +0000
Message-id: <[🔎] ahYLyJe8kuoYI3B3@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6299-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 26, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : kdenlive
CVE ID         : CVE-2026-45184

It was discovered that opening a malformed project file in the Kdenlive
video editor could result in the execution of arbitrary code.

For the oldstable distribution (bookworm), this problem has been fixed
in version 22.12.3-2+deb12u2.

For the stable distribution (trixie), this problem has been fixed in
version 24.12.3-2+deb13u1.

We recommend that you upgrade your kdenlive packages.

For the detailed security status of kdenlive please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/kdenlive

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoWC2MACgkQEMKTtsN8
TjZorw//aiG/GErX1FzDzbkd682H1iEZh3PieFYvklsFV2wOUhDuF8uvr76Hy4KG
xQfE4W7IfnGI6IGJciDu0M78iVJBntv8lKPBHd5gE+J+AU50K7s4/y5uU0FSJ2Eo
mxdvgyUq0TG3I4l4JjUj7B6aLPnfcs5l7K6vu6CDpLVaWsrSsZxxhlXjUhbLK3l6
Uyd/0LZGG46hPfKXOQBDxIWg/pHhOutpdR++wR9yQVpaKnimD+4wE6cQRQeEiLCC
cFTmhU9ndZ11fjn2R9fAFKxkvnhlcLOmImCzGTaTNQH6Lw920OE0FQ7PnT6W/S82
7+SBzPCZd3vDxL7WZ+qBFLUwAgoPeERIss3DdLjkYd5qGWD2mv0sEOy5NVURUx57
/m0UXUM1/aoLY4DLndN6N/6o9+EwTgrM7el1584AN+oba3gNhNPzLbYagY/js6zl
ejqfJhczDuSstQPn74XFT3zmVREOViGAZYL8l09xtnfxxfLKV0xuoPFLbXETNkf9
GbM5PB7dcEASVKlWW66VDgkLi8SUKe/do9UKBs8W7YwuETYDqYAh7+rxuLP//Iyr
/2ZPFV60n6Z9s1FTbojnOmIzKRPq3Ma4sayiiU/MznSM4SWiUtdsOf0KOaVwk7yj
RkB1wpF59qLRra16GwHXcliwSID31uu/BYYoz6M1o1kfTI+vfbs=
=1ZjV
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6298-1] imagemagick security update
Next by Date: [SECURITY] [DSA 6300-1] node-shell-quote security update
Previous by thread: [SECURITY] [DSA 6298-1] imagemagick security update
Next by thread: [SECURITY] [DSA 6300-1] node-shell-quote security update
Index(es):
- Date
- Thread