This bug was fixed in the package kdeconnect - 25.08.1-0ubuntu2.1
---------------
kdeconnect (25.08.1-0ubuntu2.1) questing-security; urgency=medium

  * SECURITY UPDATE: Device spoofing vulnerability. (LP: #2132107)
    - debian/patches/CVE-2025-66270.patch: Check that the device ID
      doesn't change during the handshake.
    - CVE-2025-66270

 -- Rik Mills <[email protected]>  Wed, 26 Nov 2025 12:59:51 +0000

** Changed in: kdeconnect (Ubuntu)
       Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-66270
https://bugs.launchpad.net/bugs/2132107
Title:
Impersonation of paired devices, bypassing authentication