| Name | CVE-2020-12755 |
| Description | fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 960306 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| kio-extras (PTS) | stretch | 4:16.08.3-1 | vulnerable |
| buster | 4:18.08.3-1 | vulnerable |
| bullseye | 4:20.12.2-1 | fixed |
| bookworm | 4:22.12.3-1 | fixed |
| sid, trixie | 4:23.08.4-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| kio-extras | source | (unstable) | 4:20.08.3-1 | low | | 960306 |
Notes
[buster] - kio-extras <no-dsa> (Minor issue)
[stretch] - kio-extras <no-dsa> (Minor issue)
https://github.com/KDE/kio-extras/commit/d813cef3cecdec9af1532a40d677a203ff979145