Source: kio-extras Version: 4:19.12.3-1 Severity: important Tags: security upstream
Hi, The following vulnerability was published for kio-extras. CVE-2020-12755[0]: | fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras | through 20.04.0 makes a cacheAuthentication call even if the user had | not set the keepPassword option. This may lead to unintended KWallet | storage of a password. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-12755 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12755 [1] https://cgit.kde.org/kio-extras.git/commit/?id=d813cef3cecdec9af1532a40d677a203ff979145 Please adjust the affected versions in the BTS as needed. Regards, Salvatore