type: security
subject: Updated kio-extras packages fix security vulnerability
CVE:
 - CVE-2020-12755
src:
  7:
   core:
     - kio-extras-19.04.0-1.1.mga7
description: |
  fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through
  20.04.0 makes a cacheAuthentication call even if the user had not set the
  keepPassword option. This may lead to unintended KWallet storage of the
  password (CVE-2020-12755).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=27297
 - https://kde.org/info/security/advisory-20200510-1.txt
ID: MGASA-2020-0371