Forum: >>> Magnum BBS <<<

Bug#1103691: kitty: CVE-2025-43929

From Salvatore Bonaccorso@21:1/5 to All on Sun Apr 20 20:10:01 2025

Source: kitty
Version: 0.40.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for kitty.

CVE-2025-43929[0]:
| open_actions.py in kitty before 0.41.0 does not ask for user
| confirmation before running a local executable file that may have
| been linked from an untrusted document (e.g., a document opened in
| KDE ghostwriter).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-43929
https://www.cve.org/CVERecord?id=CVE-2025-43929
[1] https://github.com/0xBenCantCode/CVE-2025-43929
[2] https://github.com/kovidgoyal/kitty/commit/ce5cfdd9caf44c538af800a07162e1f49bd53c35

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	482
Nodes:	16 (0 / 16)
Uptime:	75:19:27
Calls:	9,572
Calls today:	3
Files:	13,666
Messages:	6,142,579