ark - CVE-2020-16116

2020-10-09 Thread Abhijith PA

Hello debian-qt-kde team,

I was preparing the CVE-2020-16116[1] security update for stretch. I was
able to backport the patch[2]. But when I ran 'ark --batch' (CLI mode)
against the PoC[3] it crashes, while loading GUI works as intended. Can
you help me?


--abhijith

[1] - https://security-tracker.debian.org/tracker/CVE-2020-16116
[2] - https://people.debian.org/~abhijith/upload/backport_to_1608.patch
crashes
[3] - https://github.com/jwilk/traversal-archives/releases/download/0/relative2.zip



Processing of qtdeclarative-opensource-src_5.15.1+dfsg-2_source.changes

2020-10-09 Thread Debian FTP Masters
qtdeclarative-opensource-src_5.15.1+dfsg-2_source.changes uploaded successfully 
to localhost
along with the files:
  qtdeclarative-opensource-src_5.15.1+dfsg-2.dsc
  qtdeclarative-opensource-src_5.15.1+dfsg-2.debian.tar.xz
  qtdeclarative-opensource-src_5.15.1+dfsg-2_source.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



qtdeclarative-opensource-src_5.15.1+dfsg-2_source.changes ACCEPTED into experimental

2020-10-09 Thread Debian FTP Masters



Accepted:


Format: 1.8
Date: Fri, 09 Oct 2020 20:46:06 +0300
Source: qtdeclarative-opensource-src
Architecture: source
Version: 5.15.1+dfsg-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers 
Changed-By: Dmitry Shachnev 
Changes:
 qtdeclarative-opensource-src (5.15.1+dfsg-2) experimental; urgency=medium
 .
   * Fix duplicate entries for some files in debian/copyright.
   * Override Lintian warnings about this-value-valid-date-min.js, "min" in
 its name is not for "minified".
   * Update symbols files from buildds’ logs.



Thank you for your contribution to Debian.