On Tue, Jul 26, 2011 at 10:20:46PM +0200, Moritz Muehlenhoff wrote: > Package: ark > Version: 4:4.6.5-2 > Severity: grave > Tags: security > > The following was reported on oss-security. There's no CVE assignment > or any details yet: > > --- > Date: Mon, 25 Jul 2011 14:45:14 -0400 > From: Jeff Mitchell <mitch...@kde.org> > Subject: [oss-security] CVE Request: Ark path traversal > > Hello, > > Ark contains a path traversal vulnerability allowing a > maliciously-crafted zip file to allow for an arbitrary file to be > displayed and, if the user has appropriate credentials, removed. > > Can we please get a CVE for this? > > Thanks, > Jeff > --- > > Could you contact upstream for details?
KDE maintainers, what's the status? This has been assigned CVE-2011-2725. Red Hat has collected the information nicely: https://bugzilla.redhat.com/show_bug.cgi?id=725764 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
