-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6063-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 26, 2025 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : kdeconnect CVE ID : CVE-2025-66270 It was discovered that missing validation of the device ID during handshakes in KDE Connect, a tool to integrate smart phones to a desktop, could allow an attacker to impersonate another device. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in version 25.04.2-1+deb13u1. We recommend that you upgrade your kdeconnect packages. For the detailed security status of kdeconnect please refer to its security tracker page at: https://security-tracker.debian.org/tracker/kdeconnect Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmknfSEACgkQEMKTtsN8 TjZzPQ/7BoMeKcefxv4k+cz6lX3Y4ClDKNqtXX4+olrr//NwjJvp0FI2N+K6xJTF FVfy7KAVyTwKTYrAVlOapeKycBYsuTPUoIxh6zKdcNz9LJILkiMoleb5ExaAFm/k vAsKuzkfE4vJWUfdhF+4ZlFWNXT4MTPMS6dihJmImMFuN0Ry+iCbd49sNMKEtdYF DpSSgKTjxnFqjmd1Jw4DTaxWswZHjZjAELeCYWxagQwWY3991PmUYU6xLvrI/fjm lMFsrHkc5DXvIo5B37gMj2lr4dzir1SnzyjC5tKF3P/fstXlHBXdpB3BM9UvyMvP IkCT8tZolUG/Q8/qp8U1NXP4G84A+yBt5t3yBvciz+hfmKqP2JTuxojb2047KZVg cQ513mqRVqIGiDFRI6HufZ2niTzuI45qXsNOktQgWEp1GkypZ6fiQhc9kGxMLiJ0 tJGT8jmljzRhj94fakl8+q8fzHN916WqT5tSwbq5B4/490aoSq6P5GzsJNW5th1c 6qrTXhlXqpRLqUlwfoLE7rTLsLYwTMfrDn5JFHpQDk6pEIfmL071DJkVDuVUtec0 AY/hrr38myC/k6kGB2d49DYHjY/GUtcuegCf5Zs8a/0qiKfF2HG/4mfbimPx3kY/ geP5oV314VKzzVQrFVnW/emVODipbhhcYbCCeCE/SnMnXDh4jHc= =CkXB -----END PGP SIGNATURE-----
