Debian Kitty vulnerabilities

CVE-2025-43929 [MEDIUM] CVE-2025-43929: kitty - open_actions.py in kitty before 0.41.0 does not ask for user confirmation before... open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter). Scope: local bookworm: open bullseye: resolved forky: resolved (fixed in 0.41.1-1) sid: resolved (fixed in 0.41.1-1) trixie: resolved (fixed in 0.41.1-1)

CVE-2022-41322 [HIGH] CVE-2022-41322: kitty - In Kitty before 0.26.2, insufficient validation in the desktop notification esca... In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. Scope: local bookworm: resolved (fixed in 0.21.2-2) bullseye: resolved (fixed in 0.19.3-1+deb11u1) forky: resolved (fixed in 0.21.2-2) si

CVE-2020-35605 [CRITICAL] CVE-2020-35605: kitty - The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote... The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message. Scope: local bookworm: resolved (fixed in 0.19.3-1) bullseye: resolved (fixed in 0.19.3-1) forky: resolved (fixed in 0.19.3-1) sid: resolved (fixed in 0.19.3-1) tr