KDE has issued an advisory on May 10: https://kde.org/info/security/advisory-20200510-1.txt The issue was fixed upstream in 20.04.1 and the commit that fixed it is linked in the advisory.
Done for mga7!
CC: (none) => geiger.david68210
Advisory: ======================== Updated kio-extras packages fix security vulnerability: fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of the password (CVE-2020-12755). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12755 https://kde.org/info/security/advisory-20200510-1.txt ======================== Updated packages in core/updates_testing: ======================== kio-extras-19.04.0-1.1.mga7 libmolletnetwork19-19.04.0-1.1.mga7 libkioarchive5-19.04.0-1.1.mga7 libkioarchive-devel-19.04.0-1.1.mga7 kio-extras-handbook-19.04.0-1.1.mga7 from kio-extras-19.04.0-1.1.mga7.src.rpm
Assignee: kde => qa-bugs
MGA7-64 Plasma on Lenovo B50 No installation issues. Ref bug 23868 refers to thumbnails in Plasma- dolphin. Checked a lot of different file types in dolphin and found no diffferences with situation as before the update. So far, so good.
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
Validated update, Advisory and packages in Comment 2.
CC: (none) => ouaurelien, sysadmin-bugsKeywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0371.html
Status: NEW => RESOLVEDResolution: (none) => FIXED