Ark directory traversal issue (CVE-2011-2725)
Bug #878619 reported by
Scott Kitterman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kdeutils (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Lucid |
Fix Released
|
High
|
Jamie Strandboge | ||
Maverick |
Fix Released
|
High
|
Jamie Strandboge | ||
Natty |
Fix Released
|
High
|
Jamie Strandboge | ||
Oneiric |
Fix Released
|
High
|
Jamie Strandboge | ||
Precise |
Fix Released
|
High
|
Unassigned |
Bug Description
From the upstream KDE packager's mail list:
In the ark repository (git://
to fix a path traversal issue. The CVE ID for this is CVE-2011-2725.
There is no embargo, although I likely won't get a security advisory up
for a day or two. Due to a coordination mishap between us and the
reporter (only discovered earlier today), the details were posted on a
full disclosure list quite some time ago, so please apply these as soon
as possible.
4.5: http://
4.6: http://
4.7: http://
master: http://
Changed in kdeutils (Ubuntu Lucid): | |
status: | New → In Progress |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in kdeutils (Ubuntu Maverick): | |
status: | Triaged → In Progress |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in kdeutils (Ubuntu Natty): | |
status: | Triaged → In Progress |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in kdeutils (Ubuntu Oneiric): | |
status: | Triaged → In Progress |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in kdeutils (Ubuntu Precise): | |
status: | Triaged → In Progress |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in kdeutils (Ubuntu Lucid): | |
status: | In Progress → Fix Committed |
Changed in kdeutils (Ubuntu Maverick): | |
status: | In Progress → Fix Committed |
Changed in kdeutils (Ubuntu Natty): | |
status: | In Progress → Fix Committed |
Changed in kdeutils (Ubuntu Oneiric): | |
status: | In Progress → Fix Committed |
Changed in kdeutils (Ubuntu Precise): | |
assignee: | Jamie Strandboge (jdstrand) → nobody |
status: | In Progress → Triaged |
To post a comment you must log in.
Making public since the fix is public and it was already published on full disclosure.