Updated fix for CVE-2010-1000
Bug #757526 reported by
Felix Geyer
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| kdenetwork (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Karmic |
Fix Released
|
High
|
Jamie Strandboge | ||
| Lucid |
Fix Released
|
High
|
Jamie Strandboge | ||
| Maverick |
Fix Released
|
High
|
Jamie Strandboge | ||
Bug Description
Binary package hint: kdenetwork
KDE has updated the fix for CVE-2010-1000.
The previous patch still allows up traversal at the beginning, e.g. "../foo/bar".
Patches:
4.4 branch: http://
4.5 branch: http://
kdenetwork 4:4.6.2-0ubuntu3 in natty and kdenetwork 4.5.5-0ubuntu2 in the maverick-proposed queue are already patched.
| visibility: | private → public |
To post a comment you must log in.

Fixed in 4:4.6.2-0ubuntu3 in natty