OESA-2026-1040

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1040
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-1040.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-1040
Upstream
Published
2026-01-09T14:06:47Z
Modified
2026-01-09T14:30:04.744202Z
Summary
kf5-messagelib security update
Details

.

Security Fix(es):

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.(CVE-2025-69412)

Database specific 
{
    "severity": "Low"
}
References

Affected packages

openEuler:24.03-LTS / kf5-messagelib

Package

Name
kf5-messagelib
Purl
pkg:rpm/openEuler/kf5-messagelib&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
23.08.4-3.oe2403

Ecosystem specific 

{
    "x86_64": [
        "kf5-messagelib-23.08.4-3.oe2403.x86_64.rpm",
        "kf5-messagelib-debuginfo-23.08.4-3.oe2403.x86_64.rpm",
        "kf5-messagelib-debugsource-23.08.4-3.oe2403.x86_64.rpm",
        "kf5-messagelib-devel-23.08.4-3.oe2403.x86_64.rpm"
    ],
    "src": [
        "kf5-messagelib-23.08.4-3.oe2403.src.rpm"
    ],
    "aarch64": [
        "kf5-messagelib-23.08.4-3.oe2403.aarch64.rpm",
        "kf5-messagelib-debuginfo-23.08.4-3.oe2403.aarch64.rpm",
        "kf5-messagelib-debugsource-23.08.4-3.oe2403.aarch64.rpm",
        "kf5-messagelib-devel-23.08.4-3.oe2403.aarch64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1040.json"