[SECURITY] CVE-2019-7443 (kauth) in kdelibs

Albert Astals Cid aacid at kde.org
Tue Mar 19 22:48:52 GMT 2019


On Tuesday, 19 March 2019, at 11:39:54 CET, Hugo Lefeuvre wrote:
> Hi,
> 
> I'm Hugo Lefeuvre, from the Debian LTS team. I am currently working on
> CVE-2019-7443 which appears to affect not only kauth but also kdelibs
> since it ships a very similar kdecore/auth/backends/dbus/DBusHelperProxy.cpp
> file[0].
> 
> As far as I am aware the fix for CVE-2019-7443 was not applied to
> kdelibs. Is there a specific reason for that? Do you plan on addressing this
> potential vulnerability in kdelibs as well?

kdelibs' last release was 4.14.35 in August 2017.

kdelibs is no longer maintained. 

Qt 4's last release was 4.8.7 in May 2015.

Qt 4 is no longer maintained. 

Our suggestion is to stop using any qt4/kdelibs based software and move to the future if you're concerned about security and/or want to use maintained software.

Best Regards,
  Albert

> 
> CC-ing publicly-archived debian-lts at lists.debian.org
> 
> regards,
> Hugo Lefeuvre
> 
> [0] https://bugs.debian.org/922727
> 
> 








More information about the kde-core-devel mailing list