Bug#921995: marked as done (kauth: Insecure handling of arguments in helpers)

[Debian Bug Tracking System]

Your message dated Sat, 09 Mar 2019 12:17:09 +0000
with message-id <e1h2aub-000ga0...@fasolo.debian.org>
and subject line Bug#921995: fixed in kauth 5.28.0-2+deb9u1
has caused the Debian Bug report #921995,
regarding kauth: Insecure handling of arguments in helpers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
921995: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921995
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: src:kauth
Version: 5.28.0-2
Severity: grave
Tags: security upstream patch
Justification: user security hole

See the KDE announce list [1].  It includes reference to a fix [2].  This is
CVE-2019-7443.

Scott K


[1] https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
[2] 
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a

--- End Message ---

--- Begin Message ---

Source: kauth
Source-Version: 5.28.0-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
kauth, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <j...@debian.org> (supplier of updated kauth package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Feb 2019 00:03:40 +0100
Source: kauth
Binary: libkf5auth-dev libkf5auth-bin-dev libkf5auth5 libkf5auth-data
Architecture: source amd64 all
Version: 5.28.0-2+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Moritz Mühlenhoff <j...@debian.org>
Description:
 libkf5auth-bin-dev - Abstraction to system policy and authentication features
 libkf5auth-data - Abstraction to system policy and authentication features
 libkf5auth-dev - Abstraction to system policy and authentication features
 libkf5auth5 - Abstraction to system policy and authentication features
Closes: 921995
Changes:
 kauth (5.28.0-2+deb9u1) stretch; urgency=medium
 .
   * CVE-2019-7443 (Closes: #921995)
Checksums-Sha1:
 d9011e1b98b219b65de2b8f4cc36f1bc7c383bdb 2503 kauth_5.28.0-2+deb9u1.dsc
 daa7ffaf0c04e5bf0488f8ddd00cf905a1894734 9608 
kauth_5.28.0-2+deb9u1.debian.tar.xz
 daaeda7126c431d3d079acb7e0442dfac029841a 14010 
kauth_5.28.0-2+deb9u1_amd64.buildinfo
 a9b39ed22b6e2116c699d82074d9099e0e212d43 337020 
libkf5auth-bin-dev-dbgsym_5.28.0-2+deb9u1_amd64.deb
 4e7afd19e009a173fe45aec439fa747cf5764c2d 24452 
libkf5auth-bin-dev_5.28.0-2+deb9u1_amd64.deb
 c1e9e243faeeb7fbbd84a5fcb6179d39d9ee058e 18652 
libkf5auth-data_5.28.0-2+deb9u1_all.deb
 014b8bf64b44619fe07b9dc8887126cb5a589d63 24908 
libkf5auth-dev_5.28.0-2+deb9u1_amd64.deb
 23437f584977b8268a76ea0c05bedbb6435cc89c 2091026 
libkf5auth5-dbgsym_5.28.0-2+deb9u1_amd64.deb
 bac4d64874a43106375ff595487b02c45e62d402 54378 
libkf5auth5_5.28.0-2+deb9u1_amd64.deb
Checksums-Sha256:
 8c1aac1aa7bc2b4ee33585a560eb0c634e596c1b6463b805bb9b16a39e5299de 2503 
kauth_5.28.0-2+deb9u1.dsc
 dfa88cd7bec4e363881d7fde37475b712aa8b61b55de4e3927d0dcad9654d928 9608 
kauth_5.28.0-2+deb9u1.debian.tar.xz
 8ac29bed5122180cbfe5ee872158715bca0d3a77127524716e68e65d1b0aefd5 14010 
kauth_5.28.0-2+deb9u1_amd64.buildinfo
 81be836fd62192cfa5b747c94ad7686dfdb7e7f8a0d2a6148c02acaf5ad8eb5f 337020 
libkf5auth-bin-dev-dbgsym_5.28.0-2+deb9u1_amd64.deb
 dc3d70bf4290334b5b5c44017af891f02842bcd6d2f766bf6032fbe6694bd75a 24452 
libkf5auth-bin-dev_5.28.0-2+deb9u1_amd64.deb
 e1f8b565d1746770a93d676b24206f70eb48b533eafb6da06af60123dda3eb6d 18652 
libkf5auth-data_5.28.0-2+deb9u1_all.deb
 0c84212d2b1a10dc7b56150e1198c9c639b6a98d03ffa7dea92a1a37dbf1ae3f 24908 
libkf5auth-dev_5.28.0-2+deb9u1_amd64.deb
 31a25137c8a634bf4c342d5113b607edd46131a5312188fc0b2b2f56c1057ed8 2091026 
libkf5auth5-dbgsym_5.28.0-2+deb9u1_amd64.deb
 0bc1027bf7ed26f099fea3cb962fc8f6c1586cd0ce3f48c2938152aeefd3a828 54378 
libkf5auth5_5.28.0-2+deb9u1_amd64.deb
Files:
 3b8dee517d6e9f3d718836c9b5fbc823 2503 libs optional kauth_5.28.0-2+deb9u1.dsc
 c98cd856f5bae8898fcc79b5147067f8 9608 libs optional 
kauth_5.28.0-2+deb9u1.debian.tar.xz
 9ebdbce8f25f2970c08e74c415730c59 14010 libs optional 
kauth_5.28.0-2+deb9u1_amd64.buildinfo
 2b6855344fe0bee87d0c18ff2f5c70e9 337020 debug extra 
libkf5auth-bin-dev-dbgsym_5.28.0-2+deb9u1_amd64.deb
 55495671e1376775f1210d3016e1ef5a 24452 libdevel optional 
libkf5auth-bin-dev_5.28.0-2+deb9u1_amd64.deb
 69109a54523f4ebc4730dff3f6a377b3 18652 libs optional 
libkf5auth-data_5.28.0-2+deb9u1_all.deb
 d8f4d636e68574393895d1a3f34643de 24908 libdevel optional 
libkf5auth-dev_5.28.0-2+deb9u1_amd64.deb
 35b4301d0fae98d9429d895515c1327e 2091026 debug extra 
libkf5auth5-dbgsym_5.28.0-2+deb9u1_amd64.deb
 d5c6e0bab31f0b33cde3fd647784864d 54378 libs optional 
libkf5auth5_5.28.0-2+deb9u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlx1h84ACgkQEMKTtsN8
TjYBQRAAisNT+kGfWnC4ISq8T9Uodp69OZ1SLym8dHq3zOFkuo1t1lOPciH+XglE
I6MMQ1x91rB0UdrxzxerhZkXg6as3bB270DxkONE0qCTBhLOr572HNHURDVCZQRt
bc7uUW+IL/OrnYEsLBJWLOcUgp1efw0B2uzYCqdtuWFQ1tkViKF98RZNPhcILLzV
4aF6BPJmp9p/uNzxS1kiJzlttvNClels+7o8ljD93ZlZJGl+D7dD2Nd+NOku7tfL
p62ceqRazWuaXkV1Dl5tEtAxukp0moQt4ib6FDdM1crDXkqwn0R5K7Dmfh6uzVP5
W79yMPkN5125pQGXvXNONxUenwt9VV8wUeSh1JxOQsdI+FJzCzWCp50VVGHUSpRp
PMI9ygTxOQoD6IFcN+1flEe92zn3ClMJikctKYdKs8MhEBKmGMTWLdc6CAT3Skk5
iUhGPX2C353B0SvAW/ca7sIA+5IOqT/lmB5n8EJGrO4qWKQexpJhqZFcScQxNWHX
cGOqo38p5oOIWj90exeZIVsSISvCAL3rrzlj7hCNroAcGx7zD1JznsQa0cPPpHng
2rkeeVMCuWm1fK7BjcRQAfEB1Zwj4t/kBD/DP0CvmADYkHsiaQ/2UxeG2dNib7Gc
rshnwP3oHZNie2u/CzJEG9YG/lOiVUgrQOzqLL0zeqs6DWT3VvY=
=X4EY
-----END PGP SIGNATURE-----

--- End Message ---