On Fri, Sep 23, 2022 at 08:38:27PM +0200, Salvatore Bonaccorso wrote: > CVE-2022-41322[0]: > | In Kitty before 0.26.2, insufficient validation in the desktop > | notification escape sequence can lead to arbitrary code execution. The > | user must display attacker-controlled content in the terminal, then > | click on a notification popup.
> Please adjust the affected versions in the BTS as needed. This feature was introduced in 0.19.0, so I've marked it found in the first upload after that -- 0.19.1-1. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB