El dimarts, 19 de març de 2019, a les 11:39:54 CET, Hugo Lefeuvre va escriure: > Hi, > > I'm Hugo Lefeuvre, from the Debian LTS team. I am currently working on > CVE-2019-7443 which appears to affect not only kauth but also kdelibs > since it ships a very similar kdecore/auth/backends/dbus/DBusHelperProxy.cpp > file[0]. > > As far as I am aware the fix for CVE-2019-7443 was not applied to > kdelibs. Is there a specific reason for that? Do you plan addressing this > potential vulnerability in kdelibs as well?
kdelibs last release was 4.14.35 in August 2017. kdelibs is no longer maintained. Qt 4 last release was 4.8.7 in May 2015. Qt 4 is no longer maintained. Our suggestion is to stop using any qt4/kdelibs based software and move to the future if you're concerned about security and/or want to use maintained software. Best Regards, Albert > > CC-ing publicly-archived debian-...@lists.debian.org > > regards, > Hugo Lefeuvre > > [0] https://bugs.debian.org/922727 > >