Bug 511052

Summary: org.kde.Platform 6.8 security issues in QTbase
Product: [Developer tools] Qt/KDE Flatpak Runtime
Reporter: Gordon Messmer <gordon.messmer>
Component: general
Assignee: Aleix Pol <aleixpol>
Status: RESOLVED FIXED
Severity: normal
CC: aacid
Priority: NOR
Version First Reported In: unspecified
Target Milestone: ---
Platform: Other
OS: Linux

Description Gordon Messmer 2025-10-24 21:23:54 UTC
SUMMARY

QTbase 6.8.3 is affected by CVE-2025-5683 and CVE-2025-3512. Are there plans to provide security patches for this framework?

https://www.cvedetails.com/vulnerability-list/vendor_id-6363/product_id-10758/version_id-1824194/QT-QT-6.8.3.html

https://invent.kde.org/packaging/flatpak-kde-runtime/-/blob/qt6.8/org.kde.Sdk.json.in?ref_type=heads#L162
Comment 1 Albert Astals Cid 2025-10-31 13:33:37 UTC
I will patch this soon, having a bit of trouble with the git server being a bit strict and not accepting the CVE patches.
Comment 2 Albert Astals Cid 2025-11-01 21:11:58 UTC
Done https://invent.kde.org/packaging/flatpak-kde-runtime/-/commit/6ae082a9006db2777f43b43be2476e4ca55ed63f

Note we'll end-of-life the 6.8 runtime in less than a month