Bug#635541: ark: Directory traversal
On Tue, Jul 26, 2011 at 10:20:46PM +0200, Moritz Muehlenhoff wrote:
> Package: ark
> Version: 4:4.6.5-2
> Severity: grave
> Tags: security
> The following was reported on oss-security. There's no CVE assignment
> or any details yet:
> Date: Mon, 25 Jul 2011 14:45:14 -0400
> From: Jeff Mitchell <email@example.com>
> Subject: [oss-security] CVE Request: Ark path traversal
> Ark contains a path traversal vulnerability allowing a
> maliciously-crafted zip file to allow for an arbitrary file to be
> displayed and, if the user has appropriate credentials, removed.
> Can we please get a CVE for this?
> Could you contact upstream for details?
KDE maintainers, what's the status?
This has been assigned CVE-2011-2725. Red Hat has collected the
information nicely: https://bugzilla.redhat.com/show_bug.cgi?id=725764