[SCM] ark packaging branch, master, updated. debian/16.08.3-1-3-g84b7efe
Maximiliano Curia
maxy at moszumanska.debian.org
Fri Feb 10 15:30:52 UTC 2017
Gitweb-URL: http://git.debian.org/?p=pkg-kde/applications/ark.git;a=commitdiff;h=42c185a
The following commit has been merged in the master branch:
commit 42c185a2b0d9cf7ff18cb98eae8d2405ea0b8a0b
Author: Maximiliano Curia <maxy at gnuservers.com.ar>
Date: Fri Feb 10 15:49:03 2017 +0100
Add new patch: Stop-running-executables-when-opening-urls.patch (CVE-2017-5330)
Closes: 850874
Thanks: Salvatore Bonaccorso for reporting
---
...top-running-executables-when-opening-urls.patch | 26 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 27 insertions(+)
diff --git a/debian/patches/Stop-running-executables-when-opening-urls.patch b/debian/patches/Stop-running-executables-when-opening-urls.patch
new file mode 100644
index 0000000..48c0d9d
--- /dev/null
+++ b/debian/patches/Stop-running-executables-when-opening-urls.patch
@@ -0,0 +1,26 @@
+From: Elvis Angelaccio <elvis.angelaccio at kde.org>
+Date: Fri, 6 Jan 2017 15:35:46 +0100
+Subject: Stop running executables when opening urls
+
+This is a security risk because it's not clear when an entry in an
+archive is an executable.
+
+BUG: 374572
+FIXED-IN: 16.12.1
+---
+ part/part.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/part/part.cpp b/part/part.cpp
+index 0bb2bcb9..f71fc77b 100644
+--- a/part/part.cpp
++++ b/part/part.cpp
+@@ -945,7 +945,7 @@ void Part::slotOpenExtractedEntry(KJob *job)
+ } else {
+ KRun::runUrl(QUrl::fromUserInput(fullName, QString(), QUrl::AssumeLocalFile),
+ QMimeDatabase().mimeTypeForFile(fullName).name(),
+- widget());
++ widget(), false, false);
+ }
+ } else if (job->error() != KJob::KilledJobError) {
+ KMessageBox::error(widget(), job->errorString());
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..3d332dd
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+Stop-running-executables-when-opening-urls.patch
--
ark packaging
More information about the pkg-kde-commits
mailing list