This bug was fixed in the package kde4libs - 4:4.14.38-0ubuntu3.1
---
kde4libs (4:4.14.38-0ubuntu3.1) bionic-security; urgency=medium
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.patch: remove
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kde4libs in Ubuntu.
https://bugs.launchpad.net/bugs/1839432
Title:
[CVE] malicious .desktop files (and others) would execute code
This bug was fixed in the package kconfig - 5.44.0-0ubuntu1.1
---
kconfig (5.44.0-0ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.diff: removes the
Thanks Rik, I've reviewed your kconfig fixes and uploaded them to the
ubuntu-security-proposed ppa (https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/)
for people to test.
** Changed in: kconfig (Ubuntu Xenial)
Status: Confirmed => In Progress
** Changed in: kconfig
This bug was fixed in the package kconfig - 5.60.0-0ubuntu2
---
kconfig (5.60.0-0ubuntu2) eoan; urgency=medium
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.diff: removes the affected feature as
Testing done for Kconfig:
- PPA packages prepared:
https://launchpad.net/~kubuntu-ppa/+archive/ubuntu/experimental
- Tested on affected releases using the examples reported by the discloser.
- Confirmed that fix negates the vulnerability in those cases.
- Patched systems seem otherwise behave
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: kde4libs (Ubuntu)
Status: New => Confirmed
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: kde4libs (Ubuntu Disco)
Status: New => Confirmed
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: kde4libs (Ubuntu Xenial)
Status: New => Confirmed
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: kconfig (Ubuntu)
Status: New => Confirmed
Debdiff with kconfig fix for Xenial archive
** Patch added: "kconfig-xenial-CVE-2019-14744.debdiff"
https://bugs.launchpad.net/ubuntu/+source/kconfig/+bug/1839432/+attachment/5281760/+files/kconfig-xenial-CVE-2019-14744.debdiff
** Changed in: kconfig (Ubuntu Xenial)
Status: New =>
Debdiff with fix for Bionic archive
** Patch added: "kconfig-bionic-CVE-2019-14744.debdiff"
https://bugs.launchpad.net/ubuntu/+source/kconfig/+bug/1839432/+attachment/5281759/+files/kconfig-bionic-CVE-2019-14744.debdiff
Debdiff with fix for Disco archive
** Patch added: "kconfig-disco-CVE-2019-14744.debdiff"
https://bugs.launchpad.net/ubuntu/+source/kconfig/+bug/1839432/+attachment/5281758/+files/kconfig-disco-CVE-2019-14744.debdiff
** Also affects: kconfig (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: kconfig (Ubuntu Disco)
Importance: Undecided
Status: New
** Also affects: kconfig (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: kde4libs (Ubuntu)