Source: kotlin
Version: 1.3.31+~1.0.1+~0.11.12-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi Andrej,

Looking at
https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/
there is an entry for Kotlin. It is said to be fixed in 1.4.21 but there
is little other information.
https://youtrack.jetbrains.com/issue/KT-42181 is not accessible either.

I'm filing this bug for tracking the issue:

CVE-2020-29582:
| In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for
| temporary file and folder creation. An attacker was able to read data
| from such files and list directories due to insecure permissions.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore