Source: kdenlive
Version: 26.04.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for kdenlive.

I'm still marking it as RC level at least, so for forky it is ensured that it is fixed before the release (still a long way), although it is likely a good idea to not just open untrusted projects.

CVE-2026-45184[0]:
| Kdenlive before 26.04.1 allows dangerous proxy parameters when an
| attacker-controlled project file is used.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-45184
    https://www.cve.org/CVERecord?id=CVE-2026-45184
[1] https://kde.org/info/security/advisory-20260508-1.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

