Package: release.debian.org User: debian-rele...@lists.debian.org Usertags: pu
Dear maintainer, The following NMU is submitted to the release team for consideration to fix bug #635541 in stable. Following their approval I will upload it to DELAYED/5 if you do not object first. RT: please comment/approve. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 <directhex> i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits
diff -Nru kdeutils-4.4.5/debian/changelog kdeutils-4.4.5/debian/changelog --- kdeutils-4.4.5/debian/changelog 2010-07-21 08:47:03.000000000 +0100 +++ kdeutils-4.4.5/debian/changelog 2012-03-18 21:38:38.000000000 +0000 @@ -1,3 +1,11 @@ +kdeutils (4:4.4.5-1.1) stable; urgency=low + + * Non-maintainer upload. + * CVE-2011-2725: Backport patch for upstream directory traversal in Ark + Closes: #635541 (thanks to Moritz Muehlenhoff) + + -- Jonathan Wiltshire <j...@debian.org> Sun, 18 Mar 2012 21:36:25 +0000 + kdeutils (4:4.4.5-1) unstable; urgency=low [ Modestas Vainius ] diff -Nru kdeutils-4.4.5/debian/patches/CVE-2011-2725.patch kdeutils-4.4.5/debian/patches/CVE-2011-2725.patch --- kdeutils-4.4.5/debian/patches/CVE-2011-2725.patch 1970-01-01 01:00:00.000000000 +0100 +++ kdeutils-4.4.5/debian/patches/CVE-2011-2725.patch 2012-03-18 21:43:23.000000000 +0000 @@ -0,0 +1,27 @@ +Description: fix directory traversal in Ark +Origin: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635541#32 +Bug-Debian: http://bugs.debian.org/635541 +Author: Moritz Muehlenhoff <j...@debian.org> +Reviewed-By: Jonathan Wiltshire <j...@debian.org> +Last-Update: 2012-03-18 + +--- kdeutils-4.4.5.orig/ark/part/part.cpp ++++ kdeutils-4.4.5/ark/part/part.cpp +@@ -500,8 +500,15 @@ void Part::slotPreviewExtracted(KJob *jo + if (!job->error()) { + const ArchiveEntry& entry = + m_model->entryForIndex(m_view->selectionModel()->currentIndex()); +- const QString fullName = +- m_previewDir->name() + '/' + entry[ FileName ].toString(); ++ ++ QString fullName = ++ m_previewDir->name() + QLatin1Char('/') + entry[ FileName ].toString(); ++ ++ // Make sure a maliciously crafted archive with parent folders named ".." do ++ // not cause the previewed file path to be located outside the temporary ++ // directory, resulting in a directory traversal issue. ++ fullName.remove(QLatin1String("../")); ++ + ArkViewer::view(fullName, widget()); + } else { + KMessageBox::error(widget(), job->errorString());
signature.asc
Description: Digital signature
