Debian Package Tracker
Register | Log in
Subscribe

kcoreaddons

Choose email to subscribe with

general
  • source: kcoreaddons (main)
  • version: 5.116.0-2
  • maintainer: Debian Qt/KDE Maintainers (archive) (DMD)
  • uploaders: Aurélien COUDERC [DMD] – Patrick Franz [DMD]
  • arch: all any
  • std-ver: 4.7.4
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 5.78.0-4
  • oldstable: 5.103.0-1
  • stable: 5.116.0-1
  • testing: 5.116.0-1
  • unstable: 5.116.0-2
versioned links
  • 5.78.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.103.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.116.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.116.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libkf5coreaddons-data
  • libkf5coreaddons-dev
  • libkf5coreaddons-dev-bin
  • libkf5coreaddons-doc
  • libkf5coreaddons5
action needed
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2026-41526: In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.
Created: 2026-04-28 Last update: 2026-07-06 00:30
1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:
  • CVE-2026-41526: In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.
Created: 2026-04-28 Last update: 2026-07-06 00:30
1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:
  • CVE-2026-41526: In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.
Created: 2026-04-28 Last update: 2026-07-06 00:30
1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:
  • CVE-2026-41526: In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.
Created: 2026-04-28 Last update: 2026-07-06 00:30
Problems while searching for a new upstream version high
uscan had problems while searching for a new upstream version:
The following paragraph isn't well formatted, skipping it: << ==EOF==
Untrackable: EOL source; the Qt 6 version is packaged as src:kf6-kcoreaddons.
==EOF==
Created: 2026-07-05 Last update: 2026-07-05 23:00
1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:
  • CVE-2026-41526: (needs triaging) In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-04-28 Last update: 2026-07-06 00:30
testing migrations
  • excuses:
    • Migration status for kcoreaddons (5.116.0-1 to 5.116.0-2): BLOCKED: Maybe temporary, maybe blocked but Britney is missing information (check below)
    • Issues preventing migration:
    • ∙ ∙ Missing build on amd64
    • ∙ ∙ Missing build on arm64
    • ∙ ∙ Missing build on armhf
    • ∙ ∙ Missing build on i386
    • ∙ ∙ Missing build on loong64
    • ∙ ∙ Missing build on ppc64el
    • ∙ ∙ Missing build on riscv64
    • ∙ ∙ Missing build on s390x
    • ∙ ∙ Missing build on all
    • ∙ ∙ Autopkgtest deferred: missing builds
    • ∙ ∙ Lintian check deferred: missing builds
    • ∙ ∙ Reproducibility check deferred on amd64: missing builds - info
    • ∙ ∙ Reproducibility check deferred on arm64: missing builds - info
    • ∙ ∙ Reproducibility check deferred on armhf: missing builds - info
    • ∙ ∙ Reproducibility check deferred on i386: missing builds - info
    • ∙ ∙ Too young, only 0 of 5 days old
    • Additional info (not blocking):
    • ∙ ∙ Updating kcoreaddons will fix bugs in testing: #1135179
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/k/kcoreaddons.html
    • Not considered
news
[rss feed]
  • [2026-07-05] Accepted kcoreaddons 5.116.0-2 (source) into unstable (Pino Toscano)
  • [2025-05-01] kcoreaddons 5.116.0-1 MIGRATED to testing (Debian testing watch)
  • [2025-04-20] Accepted kcoreaddons 5.116.0-1 (source) into unstable (Aurélien COUDERC)
  • [2024-05-09] kcoreaddons 5.115.0-2 MIGRATED to testing (Debian testing watch)
  • [2024-05-04] Accepted kcoreaddons 5.115.0-2 (source) into unstable (Patrick Franz)
  • [2024-03-16] Accepted kcoreaddons 5.115.0-1 (source) into experimental (Patrick Franz)
  • [2023-06-24] kcoreaddons 5.107.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-06-24] kcoreaddons 5.107.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-06-18] Accepted kcoreaddons 5.107.0-1 (source) into unstable (Aurélien COUDERC)
  • [2023-03-15] Accepted kcoreaddons 5.104.0-1 (source) into experimental (Aurélien COUDERC)
  • [2023-02-24] kcoreaddons 5.103.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-02-13] Accepted kcoreaddons 5.103.0-1 (source) into unstable (Aurélien COUDERC)
  • [2023-01-28] kcoreaddons 5.102.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-01-22] Accepted kcoreaddons 5.102.0-1 (source) into unstable (Aurélien COUDERC)
  • [2022-12-20] kcoreaddons 5.101.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-12-13] Accepted kcoreaddons 5.101.0-1 (source) into unstable (Aurélien COUDERC)
  • [2022-11-25] kcoreaddons 5.100.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-11-25] kcoreaddons 5.100.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-11-20] Accepted kcoreaddons 5.100.0-1 (source) into unstable (Aurélien COUDERC)
  • [2022-09-25] kcoreaddons 5.98.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-09-19] Accepted kcoreaddons 5.98.0-1 (source) into unstable (Aurélien COUDERC) (signed by: Patrick Franz)
  • [2022-08-21] kcoreaddons 5.97.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-08-15] Accepted kcoreaddons 5.97.0-1 (source) into unstable (Aurélien COUDERC) (signed by: Patrick Franz)
  • [2022-08-06] kcoreaddons 5.96.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-07-31] Accepted kcoreaddons 5.96.0-1 (source) into unstable (Aurélien COUDERC) (signed by: Patrick Franz)
  • [2022-05-28] kcoreaddons 5.94.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-05-25] Accepted kcoreaddons 5.94.0-1 (source) into unstable (Aurélien COUDERC)
  • [2022-05-18] kcoreaddons 5.93.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-05-12] Accepted kcoreaddons 5.93.0-1 (source) into unstable (Aurélien COUDERC)
  • [2022-02-17] kcoreaddons 5.90.0-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 0
links
  • homepage
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 5.116.0-1ubuntu1
  • patches for 5.116.0-1ubuntu1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing