[Git][security-tracker-team/security-tracker][master] Add CVE-2019-14744/{kconfig,kde4libs}

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13274989 by Salvatore Bonaccorso at 2019-08-08T11:46:32Z
Add CVE-2019-14744/{kconfig,kde4libs}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62,7 +62,12 @@ CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exist
 	- radare2 <unfixed> (bug #934204)
 	NOTE: https://github.com/radare/radare2/pull/14690
 CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...)
-	TODO: check
+	- kconfig <unfixed>
+	- kde4libs <unfixed>
+	NOTE: https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt
+	NOTE: https://kde.org/info/security/advisory-20190807-1.txt
+	NOTE: kconfig: https://cgit.kde.org/kconfig.git/commit/?id=5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22
+	NOTE: kdelibs: https://cgit.kde.org/kdelibs.git/commit/?id=2c3762feddf7e66cf6b64d9058f625a715694a00
 CVE-2019-14743 (** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, H ...)
 	NOT-FOR-US: Valve Steam Client for Windows
 CVE-2019-14742



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13274989888ba05cab3228f09ae874549348ac76

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13274989888ba05cab3228f09ae874549348ac76
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190808/ae4a9d0e/attachment.html>