user/kpmcore: CVE-2020-27187: kpmcore_externalcommand incomplete dbus check
| Bugzilla ID | 381 |
| Alias(es) | CVE-2020-27187 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 23:16:23 -0600 |
| Modified | 2020-11-21 23:16:23 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/kpmcore |
Description
Fixed in >= 4.2.0, but commit marked as fixer is already present in git repo's tag of 4.1.0? https://invent.kde.org/system/kpmcore/-/commit/c466c5db11b5cee546d1ec0594c2f1105a354fed