511052 – org.kde.Platform 6.8 security issues in QTbase

Bug 511052 - org.kde.Platform 6.8 security issues in QTbase

Summary: org.kde.Platform 6.8 security issues in QTbase

Status:	RESOLVED FIXED

Alias:	None

Product:	Qt/KDE Flatpak Runtime
Classification:	Developer tools
Component:	general (other bugs)
Version First Reported In:	unspecified
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Aleix Pol

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-10-24 21:23 UTC by Gordon Messmer
Modified:	2025-11-01 21:11 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Gordon Messmer 2025-10-24 21:23:54 UTC

SUMMARY

QTbase 6.8.3 is affected by CVE-2025-5683 and CVE-2025-3512. Are there plans to provide security patches for this framework?

https://www.cvedetails.com/vulnerability-list/vendor_id-6363/product_id-10758/version_id-1824194/QT-QT-6.8.3.html

https://invent.kde.org/packaging/flatpak-kde-runtime/-/blob/qt6.8/org.kde.Sdk.json.in?ref_type=heads#L162

Comment 1 Albert Astals Cid 2025-10-31 13:33:37 UTC

I will patch this soon, having a bit of trouble with the git server being a bit strict and not accepting the CVE patches.

Comment 2 Albert Astals Cid 2025-11-01 21:11:58 UTC

Done https://invent.kde.org/packaging/flatpak-kde-runtime/-/commit/6ae082a9006db2777f43b43be2476e4ca55ed63f

Note we'll end-of-life the 6.8 runtime in less than a month