Your message dated Sat, 26 Apr 2025 08:49:25 +0000
with message-id <[email protected]>
and subject line Bug#1103691: fixed in kitty 0.41.1-1
has caused the Debian Bug report #1103691,
regarding kitty: CVE-2025-43929
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1103691: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103691
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: kitty
Version: 0.40.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for kitty.
CVE-2025-43929[0]:
| open_actions.py in kitty before 0.41.0 does not ask for user
| confirmation before running a local executable file that may have
| been linked from an untrusted document (e.g., a document opened in
| KDE ghostwriter).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-43929
https://www.cve.org/CVERecord?id=CVE-2025-43929
[1] https://github.com/0xBenCantCode/CVE-2025-43929
[2]
https://github.com/kovidgoyal/kitty/commit/ce5cfdd9caf44c538af800a07162e1f49bd53c35
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: kitty
Source-Version: 0.41.1-1
Done: Nilesh Patra <[email protected]>
We believe that the bug you reported is fixed in the latest version of
kitty, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nilesh Patra <[email protected]> (supplier of updated kitty package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 26 Apr 2025 12:17:24 +0530
Source: kitty
Architecture: source
Version: 0.41.1-1
Distribution: unstable
Urgency: medium
Maintainer: Nilesh Patra <[email protected]>
Changed-By: Nilesh Patra <[email protected]>
Closes: 1103691
Changes:
kitty (0.41.1-1) unstable; urgency=medium
.
* New upstream version 0.41.1 (Closes: #1103691)
+ Addresses: CVE-2025-43929
* Refresh patches
* Add -tags testing to dh_auto_test so go:build testing files get picked up
Checksums-Sha1:
d9439075b315e2df2f32b1e9ac61ba49d0d98f49 2661 kitty_0.41.1-1.dsc
e2534d2501fbc6dd955875ba30f8266c4273a0e9 6381814 kitty_0.41.1.orig.tar.gz
4f67a75dcd1799bdf5ddbe2eabb7f44ee04d5c0e 1128684 kitty_0.41.1-1.debian.tar.xz
04b979062dc27ac6e4dc5581a7644ec4add7c42b 16096 kitty_0.41.1-1_amd64.buildinfo
Checksums-Sha256:
70cc511baab640514aac0f9b2573509b034463e0e1d3b426f1468281b5d5bd46 2661
kitty_0.41.1-1.dsc
16b26d56a06b1c94f02b0b8f6c7c8e557d208083f8b75235b1fcb68ed69d8b3d 6381814
kitty_0.41.1.orig.tar.gz
546cb2267af1bb8dd4703f52a228a606185ab3f7575d098c82d20c3bd8592d53 1128684
kitty_0.41.1-1.debian.tar.xz
305564be64232e6bd951760e326b87841ac0c38d81e05b5464f1fc080dc784f8 16096
kitty_0.41.1-1_amd64.buildinfo
Files:
15524aef1d2e84a075fc69043c157243 2661 x11 optional kitty_0.41.1-1.dsc
e68a4ec00c598642ba8286bc3c5372d3 6381814 x11 optional kitty_0.41.1.orig.tar.gz
d6d5342815620e0828ba59da0e02311f 1128684 x11 optional
kitty_0.41.1-1.debian.tar.xz
73c799cd23e206d785bfec714a2a48df 16096 x11 optional
kitty_0.41.1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iIgEARYKADAWIQSglbZu4JAkvuai8HIqJ5BL1yQ+2gUCaAyXshIcbmlsZXNoQGRl
Ymlhbi5vcmcACgkQKieQS9ckPtqTNAD+JMX9P3PxmbHWqdifhHnpYh6M20MBD1W0
LSJvuMeoD/gBAIcTOi6xTwUkAMZm2TwbD4kD+5gexMnMchO1KYihZ0QI
=2zYp
-----END PGP SIGNATURE-----
pgpzPs8_L5Usp.pgp
Description: PGP signature
--- End Message ---