Updated fix for CVE-2010-1000
Bug #757526 reported by
Felix Geyer
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kdenetwork (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Karmic |
Fix Released
|
High
|
Jamie Strandboge | ||
Lucid |
Fix Released
|
High
|
Jamie Strandboge | ||
Maverick |
Fix Released
|
High
|
Jamie Strandboge |
Bug Description
Binary package hint: kdenetwork
KDE has updated the fix for CVE-2010-1000.
The previous patch still allows up traversal at the beginning, e.g. "../foo/bar".
Patches:
4.4 branch: http://
4.5 branch: http://
kdenetwork 4:4.6.2-0ubuntu3 in natty and kdenetwork 4.5.5-0ubuntu2 in the maverick-proposed queue are already patched.
visibility: | private → public |
To post a comment you must log in.
Fixed in 4:4.6.2-0ubuntu3 in natty