This bug was fixed in the package kde4libs - 4:4.14.16-0ubuntu3.3
---
kde4libs (4:4.14.16-0ubuntu3.3) xenial-security; urgency=medium
* SECURITY UPDATE: Directory traversal vulnerability.
- debian/patches/CVE-2016-6232.patch: extraction location to be in
subfolder.
-
This bug was fixed in the package kde4libs - 4:4.14.38-0ubuntu6.1
---
kde4libs (4:4.14.38-0ubuntu6.1) disco-security; urgency=medium
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.patch: remove
This bug was fixed in the package kde4libs - 4:4.14.38-0ubuntu3.1
---
kde4libs (4:4.14.38-0ubuntu3.1) bionic-security; urgency=medium
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.patch: remove
This bug was fixed in the package kde4libs - 4:4.14.38-0ubuntu7
---
kde4libs (4:4.14.38-0ubuntu7) eoan; urgency=medium
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.diff: removes the affected
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1839432
Title:
[CVE] malicious .desktop files (and others) would execute code
To manage
** Changed in: kconfig (Ubuntu)
Importance: Undecided => Medium
** Changed in: kconfig (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: kconfig (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: kconfig (Ubuntu Disco)
Importance: Undecided => Medium
**
This bug was fixed in the package kconfig - 5.18.0-0ubuntu1.1
---
kconfig (5.18.0-0ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.diff: removes the
This bug was fixed in the package kconfig - 5.44.0-0ubuntu1.1
---
kconfig (5.44.0-0ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.diff: removes the
This bug was fixed in the package kconfig - 5.56.0-0ubuntu1.1
---
kconfig (5.56.0-0ubuntu1.1) disco-security; urgency=medium
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.diff: removes the
Thanks Rik, I've reviewed your kconfig fixes and uploaded them to the
ubuntu-security-proposed ppa
(https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/)
for people to test.
** Changed in: kconfig (Ubuntu Xenial)
Status: Confirmed => In Progress
** Changed in: kconfig
This bug was fixed in the package kconfig - 5.60.0-0ubuntu2
---
kconfig (5.60.0-0ubuntu2) eoan; urgency=medium
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.diff: removes the affected feature as
Testing done for Kconfig:
- PPA packages prepared:
https://launchpad.net/~kubuntu-ppa/+archive/ubuntu/experimental
- Tested on affected releases using the examples reported by the discloser.
- Confirmed that fix negates the vulnerability in those cases.
- Patched systems seem to otherwise behave
kde4libs currently FTBFS in Eoan, so that fix is ongoing. However, this
is much lower priority with little way to trigger the vulnerability on
current KF5 desktops
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kde4libs in Ubuntu.
** Tags added: patch
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: kde4libs (Ubuntu Xenial)
Status: New => Confirmed
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: kde4libs (Ubuntu)
Status: New => Confirmed
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: kde4libs (Ubuntu Disco)
Status: New => Confirmed
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: kde4libs (Ubuntu Bionic)
Status: New => Confirmed
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: kconfig (Ubuntu)
Status: New => Confirmed
Debdiff with kconfig fix for Xenial archive
** Patch added: "kconfig-xenial-CVE-2019-14744.debdiff"
https://bugs.launchpad.net/ubuntu/+source/kconfig/+bug/1839432/+attachment/5281760/+files/kconfig-xenial-CVE-2019-14744.debdiff
** Changed in: kconfig (Ubuntu Xenial)
Status: New =>
Debdiff with fix for Bionic archive
** Patch added: "kconfig-bionic-CVE-2019-14744.debdiff"
https://bugs.launchpad.net/ubuntu/+source/kconfig/+bug/1839432/+attachment/5281759/+files/kconfig-bionic-CVE-2019-14744.debdiff
Debdiff with fix for Disco archive
** Patch added: "kconfig-disco-CVE-2019-14744.debdiff"
https://bugs.launchpad.net/ubuntu/+source/kconfig/+bug/1839432/+attachment/5281758/+files/kconfig-disco-CVE-2019-14744.debdiff
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14744
** Also affects: kconfig (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: kconfig (Ubuntu Disco)
Importance: Undecided
Status: New
** Also affects: kconfig (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: kde4libs (Ubuntu)