Source: kitty Version: 0.40.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for kitty. CVE-2025-43929[0]: | open_actions.py in kitty before 0.41.0 does not ask for user | confirmation before running a local executable file that may have | been linked from an untrusted document (e.g., a document opened in | KDE ghostwriter). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-43929 https://www.cve.org/CVERecord?id=CVE-2025-43929 [1] https://github.com/0xBenCantCode/CVE-2025-43929 [2] https://github.com/kovidgoyal/kitty/commit/ce5cfdd9caf44c538af800a07162e1f49bd53c35 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
