Version in base suite: 22.12.3-1

Base version: konsole_22.12.3-1
Target version: konsole_22.12.3-1+deb12u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/k/konsole/konsole_22.12.3-1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/k/konsole/konsole_22.12.3-1+deb12u1.dsc

 changelog                    |    6 ++++++
 patches/CVE-2025-49091.patch |   18 ++++++++++++++++++
 patches/series               |    1 +
 3 files changed, 25 insertions(+)

diff -Nru konsole-22.12.3/debian/changelog konsole-22.12.3/debian/changelog
--- konsole-22.12.3/debian/changelog	2023-03-01 10:57:56.000000000 +0000
+++ konsole-22.12.3/debian/changelog	2025-06-11 18:12:08.000000000 +0000
@@ -1,3 +1,9 @@
+konsole (4:22.12.3-1+deb12u1) bookworm-security; urgency=medium
+
+  * CVE-2025-49091
+
+ -- Moritz Mühlenhoff <jmm@debian.org>  Wed, 11 Jun 2025 20:12:08 +0200
+
 konsole (4:22.12.3-1) unstable; urgency=medium
 
   [ Aurélien COUDERC ]
diff -Nru konsole-22.12.3/debian/patches/CVE-2025-49091.patch konsole-22.12.3/debian/patches/CVE-2025-49091.patch
--- konsole-22.12.3/debian/patches/CVE-2025-49091.patch	1970-01-01 00:00:00.000000000 +0000
+++ konsole-22.12.3/debian/patches/CVE-2025-49091.patch	2025-06-11 12:12:33.000000000 +0000
@@ -0,0 +1,18 @@
+From 09d20dea109050b4c02fb73095f327b5642a2b75 Mon Sep 17 00:00:00 2001
+From: Kurt Hindenburg <kurt.hindenburg@gmail.com>
+Date: Wed, 28 May 2025 18:54:39 -0400
+Subject: [PATCH] Clear the arguments if the command is not found
+
+--- konsole-22.12.3.orig/src/session/Session.cpp
++++ konsole-22.12.3/src/session/Session.cpp
+@@ -461,8 +461,10 @@ void Session::run()
+     // if a program was specified via setProgram(), but it couldn't be found (but a fallback was), print a warning
+     if (exec != checkProgram(_program)) {
+         terminalWarning(i18n("Could not find '%1', starting '%2' instead.  Please check your profile settings.", _program, exec));
++        _arguments.clear(); // ignore args if program is invalid
+     } else if (exec != checkProgram(exec)) {
+         terminalWarning(i18n("Could not find '%1', starting '%2' instead.  Please check your profile settings.", exec, checkProgram(exec)));
++        _arguments.clear(); // ignore args if program is invalid
+     }
+ 
+     // if no arguments are specified, fall back to program name
diff -Nru konsole-22.12.3/debian/patches/series konsole-22.12.3/debian/patches/series
--- konsole-22.12.3/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ konsole-22.12.3/debian/patches/series	2025-06-11 12:12:22.000000000 +0000
@@ -0,0 +1 @@
+CVE-2025-49091.patch