[SCM] ark packaging branch, master, updated. debian/16.08.3-1-3-g84b7efe

Maximiliano Curia maxy at moszumanska.debian.org
Fri Feb 10 15:30:52 UTC 2017


Gitweb-URL: http://git.debian.org/?p=pkg-kde/applications/ark.git;a=commitdiff;h=42c185a

The following commit has been merged in the master branch:
commit 42c185a2b0d9cf7ff18cb98eae8d2405ea0b8a0b
Author: Maximiliano Curia <maxy at gnuservers.com.ar>
Date:   Fri Feb 10 15:49:03 2017 +0100

    Add new patch: Stop-running-executables-when-opening-urls.patch (CVE-2017-5330)
    
    Closes: 850874
    Thanks: Salvatore Bonaccorso for reporting
---
 ...top-running-executables-when-opening-urls.patch | 26 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 27 insertions(+)

diff --git a/debian/patches/Stop-running-executables-when-opening-urls.patch b/debian/patches/Stop-running-executables-when-opening-urls.patch
new file mode 100644
index 0000000..48c0d9d
--- /dev/null
+++ b/debian/patches/Stop-running-executables-when-opening-urls.patch
@@ -0,0 +1,26 @@
+From: Elvis Angelaccio <elvis.angelaccio at kde.org>
+Date: Fri, 6 Jan 2017 15:35:46 +0100
+Subject: Stop running executables when opening urls
+
+This is a security risk because it's not clear when an entry in an
+archive is an executable.
+
+BUG: 374572
+FIXED-IN: 16.12.1
+---
+ part/part.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/part/part.cpp b/part/part.cpp
+index 0bb2bcb9..f71fc77b 100644
+--- a/part/part.cpp
++++ b/part/part.cpp
+@@ -945,7 +945,7 @@ void Part::slotOpenExtractedEntry(KJob *job)
+         } else {
+             KRun::runUrl(QUrl::fromUserInput(fullName, QString(), QUrl::AssumeLocalFile),
+                          QMimeDatabase().mimeTypeForFile(fullName).name(),
+-                         widget());
++                         widget(), false, false);
+         }
+     } else if (job->error() != KJob::KilledJobError) {
+         KMessageBox::error(widget(), job->errorString());
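Review bot: In the part/part.cpp change, the call now ends in `widget(), false, false);` and nothing at the call site or in the patch description says which of the two positional booleans stops executables from being run, or what the other one controls. A short comment beside the arguments naming each parameter would make the security-relevant one obvious to the next person who touches this call, so it is not dropped or reordered by mistake. The patch header also carries only the upstream `BUG: 374572`; repeating the CVE id and Debian bug from the commit message (CVE-2017-5330, 850874) in the header would let the patch file be traced on its own.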
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..3d332dd
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+Stop-running-executables-when-opening-urls.patch

-- 
ark packaging


