[SECURITY] CVE-2019-7443 (kauth) in kdelibs

Hugo Lefeuvre hle-ZIiYTXgfkeTQT0dZR+AlfA at public.gmane.org
Tue Mar 19 10:39:54 GMT 2019


I'm Hugo Lefeuvre, from the Debian LTS team. I am currently working on
CVE-2019-7443 which appears to affect not only kauth but also kdelibs
since it ships a very similar kdecore/auth/backends/dbus/DBusHelperProxy.cpp

As far as I am aware the fix for CVE-2019-7443 was not applied to
kdelibs. Is there a specific reason for that? Do you plan addressing this
potential vulnerability in kdelibs as well?

CC-ing publicly-archived debian-lts-0aAXYlwwYIJuHlm7Suoebg at public.gmane.org

Hugo Lefeuvre

[0] https://bugs.debian.org/922727

                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20190319/a46226e3/attachment.sig>

More information about the kde-core-devel mailing list