Fedora has issued an advisory on October 2:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/

The issue is fixed upstream in 0.26.2.
Status comment: (none) => Fixed upstream in 0.26.2
Assigning to Stig, registered & active maintainer.
Assignee: bugsquad => smelror
Advisory
========

Kitty has been updated to version 0.26.3 to fix CVE-2022-41322.

CVE-2022-41322: In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.

References
==========
https://nvd.nist.gov/vuln/detail/CVE-2022-41322
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/
https://sw.kovidgoyal.net/kitty/changelog/#id2

Files
=====

Uploaded to core/updates_testing

kitty-terminfo-0.26.3-1.mga8
kitty-docs-0.26.3-1.mga8
kitty-0.26.3-1.mga8

from kitty-0.26.3-1.mga8.src.rpm
Assignee: smelror => qa-bugs
CC: (none) => smelror
Status comment: Fixed upstream in 0.26.2 => (none)
Having a look at this.
CC: (none) => tarazed25
mga8, x86_64

Installed the core packages and experimented a bit.
website: https://sw.kovidgoyal.net/kitty/conf/
The system level kitty configuration is /etc/xdg/kitty/kitty.conf.
Browser based documentation for kittens is in /usr/share/doc/kitty/html/kittens/
The man page is comprehensive.

Modified kitty.conf to allow reading from the clipboard, changed terminal opacity and specified size as 960x640. That worked fine (after closing and reopening the terminal) but it could also be resized by dragging. Minimizing removed it from the desktop - recovered using window selector in panel.

Examples:
$ echo hooray | kitty +kitten clipboard
$ kitty +kitten clipboard --get-clipboard
hooray
That did not work by default because reading is not enabled at installation time.

$ kitty +kitten icat ~/images/ladybug.png
That displayed a ladybird icon in the centre of following lines. All images are displayed faithfully and oversized images can be scrolled vertically. If both axes are oversized the image is resized to fit in the available space.

Copy and paste works fine for text.

Copied the system configuration file to <user>/.config/kitty/ and altered the opacity setting. Used the --config cli option to launch kitty but have not figured out yet whether this works or not. The named configuration is supposed to blend with the system file and override options which have been changed in the user file.

----------------------------------------------------------------------------

Updated the packages and tried out the functions used earlier.
Changed the font family in the user config file:
font_family Martian Mono
Restarting kitty using '--config option' worked - the font was replaced with Martian Mono.

$ kitty list-fonts
Andale Mono
    Andale Mono
Bitstream Vera Sans Mono
    Bitstream Vera Sans Mono
    Bitstream Vera Sans Mono Bold
.....

The icat and clipboard kitten modules worked as before. Tried a few more things without seeing any regressions.
There are many more facilities but these few show that the application works in general.
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0364.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED