Re: kconfig and CVE-2019-14744

Rex Dieter wrote: Updates are now filed for all packaged versions of KDE Frameworks/Libraries: kf5-kconfig (thanks Rex): F30: https://bodhi.fedoraproject.org/updates/FEDORA-2019-48b691092f F29: https://bodhi.fedoraproject.org/updates/FEDORA-2019-1ebaa6e900 The F30 update is already queued for stable. The F29 update, which also updates KF5 to 5.59.0 as shipped in F30, still needs at least 2 karma (including the critical path "Does the system's basic functionality continue to work after this update?" confirmation). kdelibs 4: F30: https://bodhi.fedoraproject.org/updates/FEDORA-2019-a746ac9c89 F29: https://bodhi.fedoraproject.org/updates/FEDORA-2019-39d23c7a94 In addition to the security fix, this includes a kde-settings fix to remove the settings that were running xdg-user-dir from the config file, which no longer works and is no longer needed anyway. Both updates are fresh (not on the mirrors yet, should be in the next updates-testing push) and need at least 2 karma (including the critical path confirmation). kdelibs3: F30: https://bodhi.fedoraproject.org/updates/FEDORA-2019-f9f78895c3 F29: https://bodhi.fedoraproject.org/updates/FEDORA-2019-9f2ee52c88 In addition to the security fix, this includes a backport adding native xdg-user-dirs support, so it no longer relies on kde-settings running the xdg-user-dir command from the configuration file. (It also includes a KJS crash fix.) Both updates still have 0 karma and need at least 1 karma. (This package is not in the critical path.) Please test the security fixes so they can go out as soon as possible. Kevin Kofler