Debian Bug report logs -
Maintainer for src:kconfig is Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 8 Aug 2019 21:33:02 UTC
Tags: patch, security, upstream
Dominik Penner discovered that KConfig, the KDE configuration settings
framework, supported a feature to define shell command execution in
desktop files If a user is provided with a malformed desktop file
(eg if it's embedded into a downloaded archive and it gets opened in
a file browser) arbitrary commands could get executed This update
KConfig and KDE libraries could be made to crash or run programs if it
opened a specially crafted file ...
CVE-2019-14744 kdelibs: malic ...