RedHat has issued an advisory on November 3: https://access.redhat.com/errata/RHSA-2020:4690
Status comment: (none) => Patch available from RedHat
Advisory: ======================== Updated qtwebsockets5 packages fix security vulnerability: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption) (CVE-2018-21035). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21035 https://access.redhat.com/errata/RHSA-2020:4690 ======================== Updated packages in core/updates_testing: ======================== qtwebsockets5-5.12.6-1.1.mga7 qtwebsockets5-doc-5.12.6-1.1.mga7 libqt5websockets5-5.12.6-1.1.mga7 libqt5websockets-devel-5.12.6-1.1.mga7 from qtwebsockets5-5.12.6-1.1.mga7.src.rpm
Status comment: Patch available from RedHat => (none)Assignee: kde => qa-bugs
MGA7-64 Plasma on Lenovo B50 No installation issues. This seems to me like ddeveloper's library, confirmed by # urpmq --whatrequires qtwebsockets5 lib64qt5websockets-devel qtwebsockets5 and # urpmq --whatrequires-recursive qtwebsockets5 lib64nextcloud-client-devel lib64qt5websockets-devel qtwebsockets5 So OK'ing on clean install.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Sounds good to me, Herman. Validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => ouaurelienCVE: (none) => CVE-2018-21035
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0270.html
Status: NEW => RESOLVEDResolution: (none) => FIXED