kf6-kcoreaddons - Debian Package Tracker

general

source: kf6-kcoreaddons (main)
version: 6.26.0-1
maintainer: Debian Qt/KDE Maintainers (archive) (DMD)
uploaders: Aurélien COUDERC [DMD] – Patrick Franz [DMD]
arch: all any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 6.13.0-1
testing: 6.23.0-2
unstable: 6.26.0-1

versioned links

6.13.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.23.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.26.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libkf6coreaddons-data
libkf6coreaddons-dev
libkf6coreaddons-doc
libkf6coreaddons6
qml6-module-org-kde-coreaddons

action needed

A new upstream version is available: 6.27.0 high

A new upstream version 6.27.0 is available, you should consider packaging it.

Created: 2026-03-16 Last update: 2026-06-22 12:00

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2026-41526: In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.

Created: 2026-04-28 Last update: 2026-06-21 07:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-41526: In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.

Created: 2026-04-28 Last update: 2026-06-21 07:30

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-41526: In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.

Created: 2026-04-28 Last update: 2026-06-21 07:30

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

fatal: unable to access 'https://salsa.debian.org/qt-kde-team/kde/kf6-kcoreaddons.git/': HTTP/2 stream 1 was not closed cleanly before end of the underlying stream

Created: 2026-06-20 Last update: 2026-06-21 04:31

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2026-03-17 Last update: 2026-06-22 14:02

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2026-06-21 Last update: 2026-06-21 09:32

testing migrations

excuses:
- Migrates after: kf6-extra-cmake-modules
- Migration status for kf6-kcoreaddons (6.23.0-2 to 6.26.0-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Reproducibility regression on armhf: libkf6coreaddons-dev, libkf6coreaddons6, qml6-module-org-kde-coreaddons
- ∙ ∙ Autopkgtest for heaptrack/1.5.0+dfsg1+git20260219.f16e8d3-2: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for ktimetracker/4:6.0.0-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for libkomparediff2/4:26.04.0-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for libplasma/6.6.5-2: amd64: Failed (not a regression) ♻ (reference ♻), arm64: Failed (not a regression) ♻ (reference ♻), i386: Failed (not a regression) ♻ (reference ♻), loong64: Failed (not a regression) ♻ (reference ♻), ppc64el: Failed (not a regression) ♻ (reference ♻), riscv64: Failed (not a regression) ♻ (reference ♻), s390x: Test triggered
- ∙ ∙ Autopkgtest for libreoffice/4:26.2.4.2-1: amd64: Pass, arm64: Test triggered (failure will be ignored), i386: Test triggered (failure will be ignored), loong64: Failed (not a regression) ♻ (reference ♻), ppc64el: Pass, riscv64: Test triggered, s390x: Test triggered
- ∙ ∙ Autopkgtest for plasma-activities/6.6.5-2: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Reproducibility check waiting for results on arm64 - info
- ∙ ∙ Too young, only 1 of 5 days old
- ∙ ∙ Build-Depends(-Arch): kf6-kcoreaddons kf6-extra-cmake-modules
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/k/kf6-kcoreaddons.html
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on i386 - info
- Not considered

news

[rss feed]

[2026-06-20] Accepted kf6-kcoreaddons 6.26.0-1 (source) into unstable (Aurélien COUDERC)
[2026-04-23] kf6-kcoreaddons 6.23.0-2 MIGRATED to testing (Debian testing watch)
[2026-04-17] Accepted kf6-kcoreaddons 6.23.0-2 (source) into unstable (Patrick Franz)
[2026-03-01] kf6-kcoreaddons 6.23.0-1 MIGRATED to testing (Debian testing watch)
[2026-02-24] Accepted kf6-kcoreaddons 6.23.0-1 (source) into unstable (Aurélien COUDERC)
[2025-11-23] kf6-kcoreaddons 6.20.0-1 MIGRATED to testing (Debian testing watch)
[2025-11-17] Accepted kf6-kcoreaddons 6.20.0-1 (source) into unstable (Aurélien COUDERC)
[2025-10-06] kf6-kcoreaddons 6.18.0-2 MIGRATED to testing (Debian testing watch)
[2025-10-01] Accepted kf6-kcoreaddons 6.18.0-2 (source) into unstable (Patrick Franz)
[2025-09-30] Accepted kf6-kcoreaddons 6.18.0-1 (source) into unstable (Patrick Franz)
[2025-04-24] kf6-kcoreaddons 6.13.0-1 MIGRATED to testing (Debian testing watch)
[2025-04-12] Accepted kf6-kcoreaddons 6.13.0-1 (source) into unstable (Patrick Franz)
[2025-02-24] kf6-kcoreaddons 6.11.0-1 MIGRATED to testing (Debian testing watch)
[2025-02-19] Accepted kf6-kcoreaddons 6.11.0-1 (source) into unstable (Aurélien COUDERC)
[2025-01-17] kf6-kcoreaddons 6.10.0-1 MIGRATED to testing (Debian testing watch)
[2025-01-11] Accepted kf6-kcoreaddons 6.10.0-1 (source) into unstable (Aurélien COUDERC)
[2024-12-10] kf6-kcoreaddons 6.8.0-1 MIGRATED to testing (Debian testing watch)
[2024-12-05] Accepted kf6-kcoreaddons 6.8.0-1 (source) into unstable (Aurélien COUDERC)
[2024-11-21] kf6-kcoreaddons 6.6.0-2 MIGRATED to testing (Debian testing watch)
[2024-11-18] Accepted kf6-kcoreaddons 6.6.0-2 (source) into unstable (Sandro Knauß)
[2024-11-04] Accepted kf6-kcoreaddons 6.7.0-1 (source) into experimental (Simon Quigley)
[2024-09-27] kf6-kcoreaddons 6.6.0-1 MIGRATED to testing (Debian testing watch)
[2024-09-20] Accepted kf6-kcoreaddons 6.6.0-1 (source) into unstable (Aurélien COUDERC)
[2024-09-10] kf6-kcoreaddons 6.5.0-3 MIGRATED to testing (Debian testing watch)
[2024-09-08] Accepted kf6-kcoreaddons 6.5.0-3 (source) into unstable (Pino Toscano)
[2024-08-20] kf6-kcoreaddons 6.5.0-2 MIGRATED to testing (Debian testing watch)
[2024-08-18] Accepted kf6-kcoreaddons 6.5.0-2 (source) into unstable (Pino Toscano)
[2024-08-11] Accepted kf6-kcoreaddons 6.5.0-1 (source) into unstable (Aurélien COUDERC)
[2024-07-19] Accepted kf6-kcoreaddons 6.4.0-1 (source) into experimental (Aurélien COUDERC)
[2024-06-09] Accepted kf6-kcoreaddons 6.3.0-1 (source) into experimental (Patrick Franz)

bugs [bug history graph]

all: 1
RC: 1
I&N: 0
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 6.26.0-0ubuntu1
patches for 6.26.0-0ubuntu1