[SCM] KDE Utilities module packaging branch, kde4.6, updated. debian/4.6.5-3-2-ga7732b1
Pino Toscano
pino at alioth.debian.org
Sat Dec 3 11:30:34 UTC 2011
The following commit has been merged in the kde4.6 branch:
commit a7732b15d39e749d559c3183347d831ae7982a41
Author: Pino Toscano <pino at debian.org>
Date: Sat Dec 3 12:30:00 2011 +0100
fix CVE-2011-2725 (#635541)
backport the upstream r1259334 for it
---
debian/changelog | 3 +++
debian/patches/CVE-2011-2725_4.6.diff | 22 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 26 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 05d4846..ca67229 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,8 @@
kdeutils (4:4.6.5-4) UNRELEASED; urgency=low
+ [ Pino Toscano ]
+ * Backport the upstream r1259334 from the 4.6 branch to fix the Ark
+ directory traversal, CVE-2011-2725. (Closes: #635541)
-- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Sat, 03 Dec 2011 12:22:25 +0100
diff --git a/debian/patches/CVE-2011-2725_4.6.diff b/debian/patches/CVE-2011-2725_4.6.diff
new file mode 100644
index 0000000..4be5819
--- /dev/null
+++ b/debian/patches/CVE-2011-2725_4.6.diff
@@ -0,0 +1,22 @@
+Index: kdeutils/ark/part/part.cpp
+===================================================================
+--- kdeutils/ark/part/part.cpp (revision 1259333)
++++ kdeutils/ark/part/part.cpp (revision 1259334)
+@@ -558,8 +558,15 @@
+ if (!job->error()) {
+ const ArchiveEntry& entry =
+ m_model->entryForIndex(m_view->selectionModel()->currentIndex());
+- const QString fullName =
+- m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString();
++
++ QString fullName =
++ m_previewDir->name() + QLatin1Char('/') + entry[ FileName ].toString();
++
++ // Make sure a maliciously crafted archive with parent folders named ".." do
++ // not cause the previewed file path to be located outside the temporary
++ // directory, resulting in a directory traversal issue.
++ fullName.remove(QLatin1String("../"));
++
+ ArkViewer::view(fullName, widget());
+ } else {
+ KMessageBox::error(widget(), job->errorString());
diff --git a/debian/patches/series b/debian/patches/series
index c19ff3f..bdaf1a7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
kcalc_key_bindings.diff
+CVE-2011-2725_4.6.diff
--
KDE Utilities module packaging
More information about the pkg-kde-commits
mailing list