Bug 671316 (CVE-2018-19120) - <kde-apps/kio-extras-18.04.3-r1[htmlthumbs]: HTML Thumbnailer automatic remote file access
Status: RESOLVED FIXED
Alias: CVE-2018-19120
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.kde.org/info/security/adv...
Whiteboard: B4 [noglsa cve]
Reported: 2018-11-17 07:15 UTC by Michael Palimaka (kensington)
Modified: 2018-11-23 21:22 UTC
Package list:
=kde-apps/kio-extras-18.04.3-r1
Runtime testing required: ---
stable-bot: sanity-check+

Description Michael Palimaka (kensington) gentoo-dev 2018-11-17 07:15:15 UTC
From $URL:
Various KDE applications share a plugin system to create thumbnails
of various file types for displaying in file managers, file dialogs, etc.

kio-extras contains a thumbnailer plugin for HTML files.

The HTML thumbnailer was incorrectly accessing some content of
remote URLs listed in HTML files. This meant that the owners of the servers
referred in HTML files in your system could have seen in their access logs
your IP address every time the thumbnailer tried to create the thumbnail.

The HTML thumbnailer has been removed in upcoming KDE Applications 18.12.0
because it was actually not creating thumbnails for files at all.
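
A defender's audit for the exposure described in the advisory above, as an added example that is not part of the bug report or of kio-extras: it lists the remote hosts an HTML file would contact if a renderer loaded its embedded resources. The tag list, the function and class names, and the sample document are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs a renderer loads without user action. This list is an
# assumption of the example, not taken from the kio-extras source.
AUTO_LOAD = {("img", "src"), ("script", "src"), ("iframe", "src"),
             ("embed", "src"), ("audio", "src"), ("video", "src"),
             ("video", "poster"), ("source", "src"), ("object", "data")}
LINK_RELS = {"stylesheet", "icon", "preload", "prefetch"}

# Constructed sample document; all hosts are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="//cdn.example.net/site.css"></head><body>
<img src="http://tracker.example.org/pixel.gif">
<img src="images/local.png">
<a href="https://clicked-only.example.com/">link</a>
<iframe src="https://frames.example.org/ad.html"></iframe>
</body></html>"""


class RemoteRefFinder(HTMLParser):
    """Collect the remote hosts that rendering a document would contact."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def _record(self, url):
        parts = urlsplit(url.strip())
        # "//host/x" is protocol-relative: empty scheme, but a host is present.
        if parts.hostname and parts.scheme in ("", "http", "https", "ftp"):
            self.hosts.add(parts.hostname)  # urlsplit already lowercases it

    def handle_starttag(self, tag, attrs):
        attrs = {name: value or "" for name, value in attrs}
        for name, value in attrs.items():
            if (tag, name) in AUTO_LOAD:
                self._record(value)
        # <a href> is skipped on purpose: it is fetched only after a click.
        rels = set(attrs.get("rel", "").lower().split())
        if tag == "link" and rels & LINK_RELS:
            self._record(attrs.get("href", ""))


def remote_hosts(html_text):
    """Return the sorted remote hosts referenced by auto-loaded resources."""
    finder = RemoteRefFinder()
    finder.feed(html_text)
    finder.close()
    return sorted(finder.hosts)
```

Running `remote_hosts()` over the HTML files in a directory shows which servers could have logged the client's IP address when thumbnails were generated for that directory.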
Comment 1 Larry the Git Cow gentoo-dev 2018-11-17 07:18:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=218b518fb2e67d51ec8bed457f4ae7c1ea9148b6

commit 218b518fb2e67d51ec8bed457f4ae7c1ea9148b6
Author:     Michael Palimaka <kensington@gentoo.org>
AuthorDate: 2018-11-17 07:17:53 +0000
Commit:     Michael Palimaka <kensington@gentoo.org>
CommitDate: 2018-11-17 07:18:21 +0000

    kde-apps/kio-extras: revision bump to resolve CVE-2018-19120
    
    Bug: https://bugs.gentoo.org/671316
    Package-Manager: Portage-2.3.51, Repoman-2.3.12
    Signed-off-by: Michael Palimaka <kensington@gentoo.org>

 kde-apps/kio-extras/kio-extras-18.04.3-r1.ebuild | 77 ++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2018-11-17 18:39:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae29e8fa07e2d152992b731a8e4e661365b920a9

commit ae29e8fa07e2d152992b731a8e4e661365b920a9
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-11-17 16:55:13 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-11-17 18:39:22 +0000

    kde-apps/kio-extras: Security cleanup
    
    Bug: https://bugs.gentoo.org/671316
    Package-Manager: Portage-2.3.51, Repoman-2.3.12
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 kde-apps/kio-extras/kio-extras-18.04.3.ebuild | 78 ---------------------------
 kde-apps/kio-extras/metadata.xml              |  1 -
 2 files changed, 79 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d517266d7e01c9ce5dc162298b4307cdcf36bfc0

commit d517266d7e01c9ce5dc162298b4307cdcf36bfc0
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-11-17 16:53:42 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-11-17 18:39:21 +0000

    kde-apps/kio-extras: 18.04.3-r1 amd64/x86 stable
    
    No code change, no reason to involve arches.
    
    Bug: https://bugs.gentoo.org/671316
    Package-Manager: Portage-2.3.51, Repoman-2.3.12
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 kde-apps/kio-extras/kio-extras-18.04.3-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-11-23 21:22:29 UTC
GLSA Vote: No