ALT-PU-2022-6047-1
Package kitty updated to version 0.26.2-alt2 for branch sisyphus_e2k.
Closed vulnerabilities
Published: 2022-09-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-41322
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://bugs.gentoo.org/868543
- https://bugs.gentoo.org/868543
- https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
- https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
- https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2
- https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2
- FEDORA-2022-04bc7cd075
- FEDORA-2022-04bc7cd075
- FEDORA-2022-d718af66d1
- FEDORA-2022-d718af66d1
- GLSA-202209-22
- GLSA-202209-22
- https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes
- https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes
Closed bugs
Некорректная работа kitten panel в kitty.
Функция kitten icat в kitty не работает без ImageMagick.