Your message dated Wed, 27 May 2026 07:47:59 +0000
with message-id <[email protected]>
and subject line Bug#1136172: fixed in kdenlive 22.12.3-2+deb12u2
has caused the Debian Bug report #1136172,
regarding kdenlive: CVE-2026-45184
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1136172: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136172
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: kdenlive
Version: 26.04.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for kdenlive.
I'm still marking it as RC level at least so for forky it is ensured
that it is fixed before the release (still a long way), although it
is likely a good idea to not just open untrusted projects.
CVE-2026-45184[0]:
| Kdenlive before 26.04.1 allows dangerous proxy parameters when an
| attacker-controlled project file is used.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-45184
https://www.cve.org/CVERecord?id=CVE-2026-45184
[1] https://kde.org/info/security/advisory-20260508-1.txt
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: kdenlive
Source-Version: 22.12.3-2+deb12u2
Done: Patrick Matthäi <[email protected]>
We believe that the bug you reported is fixed in the latest version of
kdenlive, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <[email protected]> (supplier of updated kdenlive package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Thu, 21 May 2026 16:42:50 +0200
Source: kdenlive
Binary: kdenlive kdenlive-data kdenlive-dbgsym
Architecture: source all amd64
Version: 22.12.3-2+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Patrick Matthäi <[email protected]>
Changed-By: Patrick Matthäi <[email protected]>
Description:
kdenlive - non-linear video editor
kdenlive-data - non-linear video editor (data files)
Closes: 1136172
Changes:
kdenlive (22.12.3-2+deb12u2) bookworm-security; urgency=high
.
* Add patch 02-CVE-2026-45184: Dangerous proxy parameters, when an
attacker-controlled project file is used.
Closes: #1136172
--- End Message ---