DSA-4494-1 kconfig -- kconfig| ID: oval:org.secpod.oval:def:604496 | Date: (C)2019-08-12 (M)2023-12-20 |
| Class: PATCH | Family: unix |
Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file arbitrary commands could get executed. This update removes this feature.
| Platform: |
| Debian 10.x |
| Debian 9.x |
| Product: |
| libkf5configgui5 |
| libkf5configcore5 |
| libkf5config-dev |
| libkf5config-doc |
| libkf5config-bin |
| libkf5config-data |
