Hi,
On Sun, Jun 01, 2014 at 11:30:15PM -0300, Lisandro Damián Nicanor Pérez Meyer
wrote:
> tag 750141 moreinfo
> thanks
>
> On Monday 02 June 2014 11:19:05 Hamish Moffatt wrote:
> > Package: libqt4-xml
> > Severity: serious
> > Tags: security
> > Justification: security
> >
> > Qt 4.8.6 has a f
Source: kde4libs
Version: 4:4.13.1-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Hi
See http://www.kde.org/info/security/advisory-20140618-1.txt for
further reference.
From the advisory, only 4.10.95 to 4.13.2 are affected.
Regards,
Salvatore
--
T
Source: qt4-x11
Version: 4:4.8.6+git64-g5dc8b2b+dfsg-3
Severity: normal
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for qt4-x11.
CVE-2015-1858[0]:
segmentation fault in qbmphandler.cpp
CVE-2015-1859[1]:
segmentation fault in qicohandler.cpp
CVE-2015-
Source: qtbase-opensource-src
Version: 5.3.2+dfsg-4
Severity: normal
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for qtbase-opensource-src.
CVE-2015-1858[0]:
segmentation fault in qbmphandler.cpp
CVE-2015-1859[1]:
segmentation fault in qicohandler.cpp
Source: okular
Version: 4:17.12.2-2
Severity: important
Tags: patch security upstream
Forwarded: https://bugs.kde.org/show_bug.cgi?id=398096
Hi,
The following vulnerability was published for okular.
CVE-2018-1000801[0]:
| okular version 18.08 and earlier contains a Directory Traversal
| vulnerab
Control: user -1 debian-rele...@lists.debian.org
Control: usertags -1 + bsp-2018-12-ch-bern
Hi Simon,
On Sun, Sep 09, 2018 at 02:00:20PM -0500, Simon Quigley wrote:
> Control: owner -1
>
> I can take care of this on behalf of the Qt/KDE Team.
Any news on this to be fixed for buster? (Currently
06:57:20.0 +0100
+++ okular-17.12.2/debian/changelog 2018-12-02 12:27:39.0 +0100
@@ -1,3 +1,11 @@
+okular (4:17.12.2-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix path traversal issue when extracting an .okular file
+(CVE-2018-1000801) (Closes: #908168)
+
+ -- Salv
Source: plasma-workspace
Version: 4:5.4.3-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: https://bugs.kde.org/show_bug.cgi?id=358125
Hi,
the following vulnerability was published for plasma-workspace.
CVE-2016-2312[0]:
KDE lockscreen bypass by switch
Source: qtbase-opensource-src
Version: 5.12.5+dfsg-8
Severity: important
Tags: security upstream
Forwarded: https://bugreports.qt.io/browse/QTBUG-47417
Hi,
The following vulnerability was published for qtbase-opensource-src.
CVE-2015-9541[0]:
| Qt through 5.14 allows an exponential XML entity ex
Source: qtwebsockets-opensource-src
Version: 5.14.1-1
Severity: important
Tags: security upstream
Forwarded: https://bugreports.qt.io/browse/QTBUG-70693
Control: found -1 5.12.5-2
Control: found -1 5.11.3-5
Hi,
The following vulnerability was published for qtwebsockets-opensource-src.
CVE-2018-2
Source: okular
Version: 4:19.12.3-1
Severity: important
Tags: security upstream
Control: found -1 4:17.12.2-2.2
Control: found -1 4:16.08.2-1+deb9u1
Control: found -1 4:16.08.2-1
Hi,
The following vulnerability was published for okular.
CVE-2020-9359[0]:
| KDE Okular before 1.10.0 allows code ex
Source: kmail
Version: 4:19.08.3-1
Severity: important
Tags: security upstream fixed-upstream
Hi,
The following vulnerability was published for kmail, it was fixed in
v19.12.3 upstream.
CVE-2020-11880[0]:
| An issue was discovered in KDE KMail before 19.12.3. By using the
| proprietary (non-RFC6
Source: ark
Version: 4:16.08.3-1
Severity: grave
Tags: upstream patch security fixed-upstream
Justification: user security hole
Forwarded: https://bugs.kde.org/show_bug.cgi?id=374572
Hi,
the following vulnerability was published for ark.
CVE-2017-5330[0]:
unintended execution of scripts and exec
Hi
For jessie: I think the issue was only introduced after the "Open File"
action was introduced, which is post 15.11.80. Would be great if you
can confirm that.
Regards,
Salvatore
Hi
It might be noted that the issues themselves are mitigated with the fixes
applied for CVE-2016-7966, and a user is protected from this CVE by only
viewing plain text mails. But the issues are still present. At least for
CVE-2016-7968 a full fix would need to be built with Qt 5.7.0
AFAICT (please correc
Source: kio
Version: 5.22.0-1
Severity: important
Tags: patch upstream security
Hi,
the following vulnerability was published for kio.
CVE-2017-6410[0]:
| kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls
| the PAC FindProxyForURL function with a full https URL (potentially
Source: kde4libs
Version: 4:4.14.26-1
Severity: important
Tags: upstream patch security
Hi,
the following vulnerability was published for kde4libs.
CVE-2017-6410[0]:
| kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls
| the PAC FindProxyForURL function with a full https URL
Source: kde4libs
Source-Version: 4:4.14.26-2
On Sun, Mar 05, 2017 at 09:48:06PM +0100, Salvatore Bonaccorso wrote:
> Source: kde4libs
> Version: 4:4.14.26-1
> Severity: important
> Tags: upstream patch security
>
> Hi,
>
> the following vulnerability was published for
Source: kf5-messagelib
Version: 4:16.04.3-2
Severity: important
Tags: patch upstream security
Control: clone -1 -2
Control: reassign -2 kdepim 4:4.14.1-1
Hi,
the following vulnerability was published for kf5-messagelib (and
kmail).
CVE-2017-9604[0]:
| KDE kmail before 5.5.2 and messagelib before
Source: kde-runtime
Version: 4:4.8.4-2
Severity: normal
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for kde-runtime.
CVE-2014-8600[0]:
Insufficient Input Validation By IO Slaves and Webkit Part
If you fix the vulnerability please also make sure to
Source: ktexteditor
Version: 5.37.0-2
Severity: grave
Tags: security upstream
Hi
See http://www.openwall.com/lists/oss-security/2018/04/24/1 for
details (and proposed patch).
Regards,
Salvatore
Package: sddm
Version: 0.14.0-4
Severity: normal
Tags: upstream
Forwarded: https://github.com/sddm/sddm/pull/834
Hi
In sddm setups where the sddm pam configuration is configured to use
pam_group to add additional groups on login depending on the
/etc/security/group.conf configuration does not wor
Source: sddm
Source-Version: 0.18.0-1
On Tue, May 08, 2018 at 03:14:26PM +0200, Salvatore Bonaccorso wrote:
> Package: sddm
> Version: 0.14.0-4
> Severity: normal
> Tags: upstream
> Forwarded: https://github.com/sddm/sddm/pull/834
>
> Hi
>
> In sddm setups where th
Package: kde4libs
Version: 4:4.8.4-4
Severity: important
Tags: security patch
Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=319428
Hi,
the following vulnerability was published for kde4libs.
CVE-2013-2074[0]:
prints passwords contained in HTTP URLs in error messages
Upstream Bugrep
Hi Qt/KDE maintainers,
On Fri, May 31, 2013 at 01:39:50PM +0200, Moritz Muehlenhoff wrote:
> Package: kdeplasma-addons
> Severity: important
> Tags: security
>
> Please see http://seclists.org/oss-sec/2013/q2/429
>
> Once an upstream fix is available, we can fix this in
> a point update.
Short
Hi Qt/KDE Maintainers,
On Wed, Feb 06, 2013 at 03:18:07AM +0100, Luciano Bello wrote:
> Package: qt4-x11
> Severity: important
> Tags: security patch
> Justification: user security hole
>
> Hi Qt/KDE Maintainers,
> This vulnerability had been reported against qt4-x11:
> http://permalink.gma
: not-needed
Author: Salvatore Bonaccorso
Last-Update: 2013-08-18
Applied-Upstream: 5.0.1, 4.8.5, 4.7.6
--- a/src/corelib/kernel/qsharedmemory_unix.cpp
+++ b/src/corelib/kernel/qsharedmemory_unix.cpp
@@ -199,7 +199,7 @@
}
// create
-if (-1 == shmget(handle(), size, 0666 | IPC_CREAT
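Review bot: the removed line creates the shared memory segment with mode 0666 | IPC_CREAT, which grants read and write access to every local user, so any change to this call should narrow the mode to the owner only (for example 0600 | IPC_CREAT); the replacement line is cut off in this excerpt, so the new mode cannot be confirmed from what is visible here.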
Hi Lisandro
[Really apologies not having replied earlier]
On Sun, Aug 18, 2013 at 09:37:06PM -0300, Lisandro Damián Nicanor Pérez Meyer
wrote:
> On Sunday 18 August 2013 22:11:39 Salvatore Bonaccorso wrote:
> > Control: tags -1 + patch
> >
> > Hi Qt/KDE Maintainers,
> &
Source: kde4libs
Version: 4:4.8.4-4
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for kde4libs.
CVE-2016-6232[0]:
Extraction of tar files possible to arbitrary system locations
Please note [1], where Balint noticed that the patch in 4:4.14.22-1 was
inc
Source: kde-cli-tools
Version: 4:5.7.4-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for kde-cli-tools.
CVE-2016-7787[0]:
kdesu: Displayed command truncated by unicode string terminator
If you fix the vulnerability please also m
Hi Scott,
On Wed, Oct 12, 2016 at 02:56:06PM -0400, Scott Kitterman wrote:
> Proposed update attached. It is the exact upstream commit that resolved this
> issue upstream (relevant code is unchanged from stable) and I have the fix
> running locally. I do not have an example of the exploit to v
Hi,
Just an additional comment on the debdiff:
On Fri, Oct 14, 2016 at 08:23:04PM +0200, Sandro Knauß wrote:
> Hey,
>
> I now back ported the second part of the fix of the CVE. I updated the
> version
> deb8u1 from Scott. Should I create a deb8u2 for the additional patch?
Please note, to buil
Hi Sandro,
On Fri, Oct 14, 2016 at 10:56:00PM +0200, Sandro Knauß wrote:
> Hi,
>
> now I'm fully confused - you said on IRC, I should better create a deb8u2
> ontop. Well I created now the debdiff for a deb8u2.
>
> So you can decide what is the best way for the sec team and what version
> sho
Hi libspectre maintainers,
Did any of you have a chance to look at #840691? It is currently still
assigned to src:ghostscript, but the problem might actually lie in
libspectre.
Thanks already for your help,
Regards,
Salvatore
Hi
According to the update in the security-tracker done by Moritz for
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed21bb0c20a2272745fb959f4c1da58a44ce32e7#4716ef5aa8f2742228ba3b3633215c8b808565e3_72290_72286
we might close this related issue for kmail, but not doing so,
Control: reassign -1 src:kdepim
Hi Ivo,
On Mon, Apr 08, 2019 at 11:36:10AM +0200, Ivo De Decker wrote:
> Hi,
>
> On Sat, May 19, 2018 at 07:18:06PM +0200, Sandro Knauß wrote:
> > I now created a debdiff for kdepim. The patch depends on the new symbol
> > that
> > was added in new messageviewe
Source: kmail
Version: 4:18.08.3-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.kde.org/show_bug.cgi?id=404698
Hi,
The following vulnerability was published for kmail. It was reported
upstream at [1] but at point of writing the bugreport there is not
much information availa
Control: tags -1 + fixed-upstream
On Sat, Apr 13, 2019 at 10:31:53AM +0200, Salvatore Bonaccorso wrote:
> Source: kmail
> Version: 4:18.08.3-1
> Severity: important
> Tags: security upstream
> Forwarded: https://bugs.kde.org/show_bug.cgi?id=404698
Discussion on https://bugs.kde.o
Source: kconfig
Version: 5.54.0-1
Severity: grave
Tags: patch security upstream
Justification: user security hole
Control: found -1 5.28.0-2
Control: clone -1 -2
Control: reassign -2 src:kde4libs 4:4.14.38-3
Control: retitle -2 kde4libs: CVE-2019-14744
Control: found -2 4:4.14.26-2
Hi,
The follow
Source: ktexteditor
Version: 5.90.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ktexteditor.
CVE-2022-23853[0]:
| The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2
| and
Source: qt6-base
Source-Version: 6.4.2+dfsg-21
On Sat, Jan 13, 2024 at 02:37:52PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Sat, 13 Jan 2024 14:53:25 +0100
> Source: qt6-base
> Architecture: source
> Version: 6.4.2+dfsg-21
> Distr
Source: kio-extras
Version: 4:19.12.3-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for kio-extras.
CVE-2020-12755[0]:
| fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras
| through 20.04.0 makes a cacheAuthentication call even if t
Source: kdepim-runtime
Version: 4:20.04.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:kmail-account-wizard 4:20.04.1-1
Control: retitle -2 kmail-account-wizard: CVE-2020-15954
Hi,
The following vulnerability was p
Source: qtbase-opensource-src
Version: 5.14.2+dfsg-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 5.14.2+dfsg-4
Control: found -1 5.11.3+dfsg1-1+deb10u3
Control: found -1 5.11.3+dfsg1-1
Hi,
The following vulnerability was pu
Source: ark
Version: 4:20.08.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ark.
CVE-2020-24654[0]:
| In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can
| install files outsi
Source: md4c
Version: 0.4.5-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/mity/md4c/issues/130
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for md4c.
CVE-2020-26148[0]:
| md_push_block_bytes in md4c.c in md4c 0
Source: kdeconnect
Version: 20.04.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for kdeconnect.
CVE-2020-26164[0]:
| packet manipulation can be exploited in a Denial of Service attack
If you f
Source: sddm
Version: 0.18.1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sddm.
CVE-2020-28049[0]:
| local privilege escalation due to race condition in creatio
Hi,
On Wed, Nov 04, 2020 at 01:52:12PM +0100, Salvatore Bonaccorso wrote:
> Source: sddm
> Version: 0.18.1-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
>
Hi Norbert,
On Thu, Nov 05, 2020 at 08:26:07PM +0900, Norbert Preining wrote:
> Hi Salvatore, hi FTP Master,
>
> @Salvatore: thanks for the NMU preparation. We are now preparing a fix
> for unstable via version 0.19, and at the same time I thought I upload
> to buster-security, based on your patc
ectly 0.19 sounds great, thank you.
>
> That is coming in in short time.
Thank you for your work on this update (and in general for the
package).
Regards,
Salvatore
From e2fceb114a975775fd64dd064e4b7be3dee5cd1f Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Wed, 4 Nov
Hi Norbert,
On Thu, Nov 05, 2020 at 09:15:15PM +0900, Norbert Preining wrote:
> Hi Salvatore,
>
> On Thu, 05 Nov 2020, Salvatore Bonaccorso wrote:
> > to day, this is the debdiff I just used for the upload. tracker.d.o
> > does not show it yet because the packages are sit
Source: md4c
Version: 0.4.7-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/mity/md4c/issues/155
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for md4c.
CVE-2021-30027[0]:
| md_analyze_line in md4c.c in md4c 0.4.7
Source: qt6-base
Version: 6.4.2+dfsg-9
Severity: important
Tags: security upstream
Forwarded: https://codereview.qt-project.org/c/qt/qtbase/+/477644
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for qt6-base.
CVE-2023-33285[0]:
| An issue wa
Source: qt6-base
Version: 6.4.2+dfsg-10
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:qtbase-opensource-src 5.15.8+dfsg-11
Control: retitle -2 qtbase-opensource-src: CVE-2023-34410
Hi,
The following
Source: qt6-networkauth
Version: 6.4.2-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:qtnetworkauth-everywhere-src 5.15.13-2
Control: retitle -2 qtnetworkauth-everywhere-src: CVE-2024-36048
Hi,
The
Source: qt6-base
Version: 6.6.2+dfsg-9
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: forwarded -1 https://codereview.qt-project.org/c/qt/qtbase/+/571601
Control: clone -1 -2
Control: reassign -2 src:qtbase-opensource-src 5.15.13+dfsg-2
C
Source: qtsvg-opensource-src
Version: 5.15.2-3
Severity: important
Tags: security upstream
Forwarded: https://bugreports.qt.io/browse/QTBUG-96044
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 5.11.3-2
Hi,
The following vulnerability was published for qtsvg-opensource-sr
Source: kmail-account-wizard
Version: 4:22.12.3-3
Severity: important
Tags: security upstream
Forwarded: https://bugs.kde.org/show_bug.cgi?id=487882
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: fixed -1 4:24.08.0-1
Hi,
The following vulnerability was published for kmail-account
Hi,
I will leave specific comments on this to Moritz, but below is a general
note, since this seems not to be generally known:
On Sat, Oct 26, 2024 at 07:46:44AM +0200, Sebastiaan Couwenberg wrote:
> Control: severity -1 important
>
> Lowering the severity as the security-tracker marks it as a no-dsa
Source: qt6-base
Version: 6.8.2+dfsg-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for qt6-base.
CVE-2025-3512[0]:
| There is a Heap-based Buffer Overflow vulnerability in
| QTextMarkdownImporter
Source: konsole
Version: 4:25.04.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: close -1 4:25.04.0-2
Control: found -1 4:22.12.3-1
Hi,
The following vulnerability was published for konsole.
CVE-2025-49
Source: qt6-base
Version: 6.8.2+dfsg-8
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for qt6-base.
CVE-2025-5992[0]:
| When passing values outside of the expected range to
| QColorTransferGenericFu
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: qtimageformats-opensource-...@packages.debian.org,
t...@security.debian.org, Dmitry Shachnev ,
car...@debian.org
Control: affects -1 + src:qtimageformats-opensource-src
User: release.debian@packages.debian.org
Usertags: unblock
Hi
q