ark - CVE-2020-16116

To: debian-qt-kde@lists.debian.org
Subject: ark - CVE-2020-16116
From: Abhijith PA <abhijith@disroot.org>
Date: Fri, 9 Oct 2020 15:37:54 +0530
Message-id: <[🔎] db04e8e2-c1ef-58a3-7684-068e06f663b2@disroot.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello debian-qt-kde team,

I was preparing CVE-2020-16116[1] security update for the stretch. I was
able to backport the patch[2]. But when I ran 'ark --batch (CLI mode)
against the PoC[3] it crashes while loading GUI works as intended. Can
you help me.


- --abhijith

[1] - https://security-tracker.debian.org/tracker/CVE-2020-16116
[2] - https://people.debian.org/~abhijith/upload/backport_to_1608.patch
crashes
[3] -
https://github.com/jwilk/traversal-archives/releases/download/0/relative2.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl+ANnoACgkQhj1N8u2c
KO8xNg//Vhhw0cfF7Tju5RCaIPzIEaBJ2MYZmy450YO4v/NyyjoiohDpk5tN2yS8
dD3JkVnF5Zn7Gh4UVm5GM5B//1a01n5k2HspdvDX1FIEZJ5IaUDbaKJtG5vCmrm4
fw49dRMC1WHgsT4xPK1t43zk+FaIngBuU3nWnA4kTWq6c+MiF+V4uLUE9Jjp49K4
/1qR+5iAFH4Fe7x/XQWVRGwrhHjLj1DinZmGsGByhLToAw+yYAEoBeD0YLE0sMwr
3FG2yamHl8UX867xFdM2motKxOoAjetpghAnfc+TJuNGXXdiSshWKDFOny8cB1dV
o0/ooIK8yYsZLQYdppGHM52G51tbh67fgGABNN91vRPNwCW3L4ggG/wyl1DBR3KE
1gSnudQ+53LXCESdi8NzCioXnN2qg6HAtOCkCdjexIUII/HSEoGkzeN/M55oCxlc
XuKzacW03cmSex2xzC5/PetTCCko+tdf5h+W5D8YMG35YuIwCtN+hSU+8kVpvPrG
eV1GqFuuKycudi7tNQlgFQrVh70yB8W2WpNG1s6hb+YE6yeSYwa2JjyYc3iuMaHn
YG9upV6oM7ER1R8Kz1oJBc0i5HO62gifMPfZXHEEJiYednVfPcTzB+RQfx2kY2ZZ
EpzNgeQsL08rn+KLw/mdFU4H/uR2FdTd3K1m3Ifvc1BugP5X/1s=
=65YS
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: plasma-wayland-protocols_1.1.1-2_source.changes ACCEPTED into unstable
Next by Date: Processing of qtdeclarative-opensource-src_5.15.1+dfsg-2_source.changes
Previous by thread: plasma-wayland-protocols_1.1.1-2_source.changes ACCEPTED into unstable
Next by thread: Processing of qtdeclarative-opensource-src_5.15.1+dfsg-2_source.changes
Index(es):
- Date
- Thread