
Bug#664567: pu: kdeutils: diff for NMU version 4:4.4.5-1.1



Package: release.debian.org
User: debian-release@lists.debian.org
Usertags: pu

Dear maintainer,

The following NMU is submitted to the release team for consideration
to fix bug #635541 in stable. Following their approval I will upload
it to DELAYED/5 if you do not object first.

RT: please comment/approve.

Thanks,


-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

<directhex> i have six years of solaris sysadmin experience, from
            8->10. i am well qualified to say it is made from bonghits
			layered on top of bonghits
diff -Nru kdeutils-4.4.5/debian/changelog kdeutils-4.4.5/debian/changelog
--- kdeutils-4.4.5/debian/changelog	2010-07-21 08:47:03.000000000 +0100
+++ kdeutils-4.4.5/debian/changelog	2012-03-18 21:38:38.000000000 +0000
@@ -1,3 +1,11 @@
+kdeutils (4:4.4.5-1.1) stable; urgency=low
+
+  * Non-maintainer upload.
+  * CVE-2011-2725: Backport patch for upstream directory traversal in Ark
+    Closes: #635541 (thanks to Moritz Muehlenhoff)
+
+ -- Jonathan Wiltshire <jmw@debian.org>  Sun, 18 Mar 2012 21:36:25 +0000
+
 kdeutils (4:4.4.5-1) unstable; urgency=low
 
   [ Modestas Vainius ]
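Review bot: The new changelog entry says a patch is backported, but this debdiff touches only debian/changelog and the new debian/patches/CVE-2011-2725.patch; there is no hunk for debian/patches/series. If the package applies its patches through a series file, the new patch has to be listed there or the built package will not contain the fix. A smaller point: naming the patch file in the entry would make the upload easier to audit.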
diff -Nru kdeutils-4.4.5/debian/patches/CVE-2011-2725.patch kdeutils-4.4.5/debian/patches/CVE-2011-2725.patch
--- kdeutils-4.4.5/debian/patches/CVE-2011-2725.patch	1970-01-01 01:00:00.000000000 +0100
+++ kdeutils-4.4.5/debian/patches/CVE-2011-2725.patch	2012-03-18 21:43:23.000000000 +0000
@@ -0,0 +1,27 @@
+Description: fix directory traversal in Ark
+Origin: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635541#32
+Bug-Debian: http://bugs.debian.org/635541
+Author: Moritz Muehlenhoff <jmm@debian.org>
+Reviewed-By: Jonathan Wiltshire <jmw@debian.org>
+Last-Update: 2012-03-18
+
+--- kdeutils-4.4.5.orig/ark/part/part.cpp
++++ kdeutils-4.4.5/ark/part/part.cpp
+@@ -500,8 +500,15 @@ void Part::slotPreviewExtracted(KJob *jo
+     if (!job->error()) {
+         const ArchiveEntry& entry =
+             m_model->entryForIndex(m_view->selectionModel()->currentIndex());
+-        const QString fullName =
+-            m_previewDir->name() + '/' + entry[ FileName ].toString();
++
++        QString fullName =
++            m_previewDir->name() + QLatin1Char('/') + entry[ FileName ].toString();
++
++        // Make sure a maliciously crafted archive with parent folders named ".." do
++        // not cause the previewed file path to be located outside the temporary
++        // directory, resulting in a directory traversal issue.
++        fullName.remove(QLatin1String("../"));
++
+         ArkViewer::view(fullName, widget());
+     } else {
+         KMessageBox::error(widget(), job->errorString());
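Review bot: In the part.cpp change, fullName.remove(QLatin1String("../")) edits the string instead of validating where the path ends up, and it runs over the whole of fullName, so it also rewrites any "../" that occurs in m_previewDir->name() itself. Substring removal gives no guarantee that the resulting path stays under the preview directory. A more robust check would resolve the path (for example with QDir::cleanPath() or QFileInfo::canonicalFilePath()), confirm that it begins with the preview directory's own resolved path, and decline to open the viewer otherwise. The added code comment should also read "does not cause".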
