[SCM] KDE Utilities module packaging branch, kde4.6, updated. debian/4.6.5-3-2-ga7732b1

Pino Toscano pino at alioth.debian.org
Sat Dec 3 11:30:34 UTC 2011


The following commit has been merged in the kde4.6 branch:
commit a7732b15d39e749d559c3183347d831ae7982a41
Author: Pino Toscano <pino at debian.org>
Date:   Sat Dec 3 12:30:00 2011 +0100

    fix CVE-2011-2725 (#635541)
    
    backport the upstream r1259334 for it
---
 debian/changelog                      |    3 +++
 debian/patches/CVE-2011-2725_4.6.diff |   22 ++++++++++++++++++++++
 debian/patches/series                 |    1 +
 3 files changed, 26 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 05d4846..ca67229 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,8 @@
 kdeutils (4:4.6.5-4) UNRELEASED; urgency=low
 
+  [ Pino Toscano ]
+  * Backport the upstream r1259334 from the 4.6 branch to fix the Ark
+    directory traversal, CVE-2011-2725. (Closes: #635541)
 
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Sat, 03 Dec 2011 12:22:25 +0100
 
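Review bot: urgency=low on the kdeutils (4:4.6.5-4) header line does not fit an entry that closes a CVE (CVE-2011-2725, #635541). Consider raising the urgency before the upload so the security fix is not held back by the normal migration delay.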
diff --git a/debian/patches/CVE-2011-2725_4.6.diff b/debian/patches/CVE-2011-2725_4.6.diff
new file mode 100644
index 0000000..4be5819
--- /dev/null
+++ b/debian/patches/CVE-2011-2725_4.6.diff
@@ -0,0 +1,22 @@
+Index: kdeutils/ark/part/part.cpp
+===================================================================
+--- kdeutils/ark/part/part.cpp	(revision 1259333)
++++ kdeutils/ark/part/part.cpp	(revision 1259334)
+@@ -558,8 +558,15 @@
+     if (!job->error()) {
+         const ArchiveEntry& entry =
+             m_model->entryForIndex(m_view->selectionModel()->currentIndex());
+-        const QString fullName =
+-            m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString();
++
++        QString fullName =
++            m_previewDir->name() + QLatin1Char('/') + entry[ FileName ].toString();
++
++        // Make sure a maliciously crafted archive with parent folders named ".." do
++        // not cause the previewed file path to be located outside the temporary
++        // directory, resulting in a directory traversal issue.
++        fullName.remove(QLatin1String("../"));
++
+         ArkViewer::view(fullName, widget());
+     } else {
+         KMessageBox::error(widget(), job->errorString());
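Review bot: fullName.remove(QLatin1String("../")) in the added block is a string edit rather than a containment check. It runs over the whole concatenated path, including the m_previewDir->name() prefix, and nothing afterwards verifies that the result still lies under the preview directory. Because QString::remove deletes the matches it finds in a single scan, it does not guarantee that the characters left behind contain no "../" sequence, so the guarantee stated in the code comment is stronger than what the call provides. Suggest normalising the path (for example with QDir::cleanPath or QFileInfo::canonicalFilePath) and only calling ArkViewer::view when the result starts with m_previewDir->name() followed by '/', showing an error otherwise. Separately, the patch file starts directly at "Index:" with no description; a short header naming upstream r1259334 and #635541 would document where the backport came from.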
diff --git a/debian/patches/series b/debian/patches/series
index c19ff3f..bdaf1a7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 kcalc_key_bindings.diff
+CVE-2011-2725_4.6.diff

-- 
KDE Utilities module packaging


