'[okular] [Bug 398096] Especially crafted Okular archives may lead to an arbitrary file creation on t'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [okular] [Bug 398096] Especially crafted Okular archives may lead to an arbitrary file creation on t
From:       Albert Astals Cid <bugzilla_noreply () kde ! org>
Date:       2018-09-03 19:15:09
Message-ID: bug-398096-17878-lKfB8yCw5D () http ! bugs ! kde ! org/
[Download RAW message or body]

https://bugs.kde.org/show_bug.cgi?id=398096

Albert Astals Cid <aacid@kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
      Latest Commit|                            |https://commits.kde.org/oku
                   |                            |lar/8ff7abc14d41906ad978b6b
                   |                            |c67e69693863b9d47
             Status|CONFIRMED                   |RESOLVED

--- Comment #3 from Albert Astals Cid <aacid@kde.org> ---
Git commit 8ff7abc14d41906ad978b6bc67e69693863b9d47 by Albert Astals Cid.
Committed on 03/09/2018 at 19:14.
Pushed by aacid into branch 'Applications/18.08'.

Fix path traversal issue when extracting an .okular file

Summary:
With specially crafted .okular files you can trick okular to create temporary
files outside the temporary folder

We fix that by making sure the file doesn't have folders since the ones we
create don't

Subscribers: okular-devel

Tags: #okular

Differential Revision: https://phabricator.kde.org/D15192

M  +12   -0    core/document.cpp

https://commits.kde.org/okular/8ff7abc14d41906ad978b6bc67e69693863b9d47

-- 
You are receiving this mail because:
You are watching all bug changes.=
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic