Use of insecure channel - Source code In gnome-shell-extension-gsconnect
Description
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 debian 14 | 71-1 | ||
debian 13 | 62-1+deb13u1 | ||
debian 14 | 25.11.80+git20251121.7090b106-1 | ||
debian 13 | 25.04.2-1+deb13u1 |
Aliases
1. 2. 3. 4. 5.