Bug#921995: marked as done (kauth: Insecure handling of arguments in helpers)

Debian Bug Tracking System
Your message dated Mon, 11 Feb 2019 06:37:36 +0000
with message-id <[hidden email]>
and subject line Bug#921995: fixed in kauth 5.54.0-2
has caused the Debian Bug report #921995,
regarding kauth: Insecure handling of arguments in helpers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
921995: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921995
Debian Bug Tracking System
Contact [hidden email] with problems

Package: src:kauth
Version: 5.28.0-2
Severity: grave
Tags: security upstream patch
Justification: user security hole

See the KDE announce list [1].  It includes reference to a fix [2].  This is
CVE-2019-7443.

Scott K


[1] https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
[2] https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a

Source: kauth
Source-Version: 5.54.0-2

We believe that the bug you reported is fixed in the latest version of
kauth, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [hidden email],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <[hidden email]> (supplier of updated kauth package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [hidden email])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 10 Feb 2019 23:22:23 -0500
Source: kauth
Architecture: source
Version: 5.54.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <[hidden email]>
Changed-By: Scott Kitterman <[hidden email]>
Closes: 921995
Changes:
 kauth (5.54.0-2) unstable; urgency=high
 .
   * Team upload.
   * SECURITY UPDATE:
   * References:
     - CVE-2019-7443
     - https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
   * Remove support for passing gui QVariants to KAuth helpers (Closes:
     #921995)
Checksums-Sha1:
 1b0222977fc2405ed2e414a253766c67275424b0 2545 kauth_5.54.0-2.dsc
 5e1cc906491572111c913f12ab7047931dc3bddd 12128 kauth_5.54.0-2.debian.tar.xz
 3b6d1b318e08a9c0a1ff65c8b0690431cbe73877 12199 kauth_5.54.0-2_source.buildinfo
Checksums-Sha256:
 3f0fb3ba0795bb040d7659adc773c06617304122cc3e5578a18f0ef5ac1eb2fb 2545 kauth_5.54.0-2.dsc
 06016fdc8720f0212d7f94cfe2de93904b4efcabcfcd1eab943ac0fc9ee0d4f2 12128 kauth_5.54.0-2.debian.tar.xz
 68742839ab23453a6882a6e55073b69e20dc1d720b854277b9d5b404dd87a38c 12199 kauth_5.54.0-2_source.buildinfo
Files:
 e91296b4ee2f62e15ce463dc56527bca 2545 libs optional kauth_5.54.0-2.dsc
 2d4f3351089e78c37fbfa47e76abfef3 12128 libs optional kauth_5.54.0-2.debian.tar.xz
 17f8873cd58324698410003bb16a6e6d 12199 libs optional kauth_5.54.0-2_source.buildinfo
