KDE has issued an advisory today (January 31):
https://kde.org/info/security/advisory-20220131-1.txt

Upstream commits to fix the issue are linked in the advisory above. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patches available from upstream
Fedora has issued an advisory for Kate today (February 8): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EZYXB76JRC5HAOAK2N635KJFOZ2ARVSR/
The root cause of this issue was patched upstream in Qt itself and that fix was assigned a new CVE (CVE-2022-25255). Qt4 is also affected.

SUSE has issued an advisory for this today (March 15):
https://lists.suse.com/pipermail/sle-security-updates/2022-March/010443.html
Summary: ktexteditor, kate new security issue CVE-2022-23853 => qt4, qtbase5, ktexteditor, kate new security issue CVE-2022-23853 / CVE-2022-25255
Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NIPE5FF5VKMSL2BZDJ46HDRCTHGR7IUG/
Red Hat has issued an advisory for this today (November 8): https://access.redhat.com/errata/RHSA-2022:7482
Depends on: (none) => 31545
For Cauldron, CVE-2022-23853 and CVE-2022-25255 seem fixed with:
- kate-22.12.0-1.mga9
- ktexteditor-5.102.0-1.mga9
- qtbase5-5.15.7-4.mga9 (CVE-2022-25255 with patch 0165-QProcess-Unix-ensure-we-don-t-accidentally-execute-s.patch)
- qtbase6-6.4.1-5.mga9

For Qt4 I don't know if there is a fix or if it is affected?
CC: (none) => geiger.david68210
Qt4 is mentioned in the bug title here: https://bugzilla.suse.com/show_bug.cgi?id=1196501 but nowhere else in that bug, and nobody has patched it. I'll remove it.
Summary: qt4, qtbase5, ktexteditor, kate new security issue CVE-2022-23853 / CVE-2022-25255 => qtbase5, ktexteditor, kate new security issue CVE-2022-23853 / CVE-2022-25255
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
(In reply to David Walser from comment #2)
> The root cause of this issue was patched upstream in Qt itself and that fix
> was assigned a new CVE (CVE-2022-25255). Qt4 is also affected.
>
> SUSE has issued an advisory for this today (March 15):
> https://lists.suse.com/pipermail/sle-security-updates/2022-March/010443.html

qtbase5 fixed in: https://advisories.mageia.org/MGASA-2023-0051.html
Depends on: (none) => 31940
Depends on: 31940 => (none)
Mageia 8 EOL
Resolution: (none) => OLD
CC: (none) => nicolas.salguero
Status: NEW => RESOLVED