The "Open Disk Image File" browser has DnD enabled

Bug #1438236 reported by Doug McMahon
This bug affects 1 person
Affects: unetbootin (Ubuntu)
Status: Triaged
Importance: High
Assigned to: Geza Kovacs
Milestone: (none)

Bug Description

And to make it worse, it does so with root permissions.
Test case:
Open unetbootin, click on the ... button to browse for an image.
Go into Computer to expose folders and/or files.
Any folder or file can be DnD'ed to somewhere else.

This should not be allowed.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: unetbootin 585-2ubuntu1
ProcVersionSignature: Ubuntu 3.16.0-33.44~14.04.1-generic 3.16.7-ckt7
Uname: Linux 3.16.0-33-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.8
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Mar 30 10:28:00 2015
InstallationDate: Installed on 2015-01-10 (79 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20141208)
SourcePackage: unetbootin
UpgradeStatus: No upgrade log present (probably fresh install)

Doug McMahon (mc3man) wrote :
tags: added: utopic vivid
removed: amd64
Doug McMahon (mc3man) wrote :
tags: added: very-bad-behavior
Geza Kovacs (gezakovacs) wrote :

Hi, I'm the upstream maintainer. No need to get trigger-happy. There is a 4-line fix to this, specifically add the QFileDialog::ReadOnly option to the 4 occurrences of QFileDialog::getOpenFileName in https://github.com/gkovacs/unetbootin/blob/master/src/unetbootin/unetbootin.cpp . I'll update it soon. Thanks!
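
One way to audit a source file for the pattern named in the comment above, as an added example that is not part of the original thread or of unetbootin's code: a Python script that reports every QFileDialog::getOpenFileName call that does not pass QFileDialog::ReadOnly. The C++ sample and the names `audit` and `call_end` are constructed for illustration.

```python
import re
import sys

CALL = re.compile(r"QFileDialog::getOpenFileName\s*\(")
# C++ string literals; blanked first so text inside them (parentheses in a
# file filter, or the option name itself) cannot confuse the scan.
STRINGS = re.compile(r'"(?:\\.|[^"\\\n])*"')

def call_end(src, open_idx):
    """Index just past the ')' that closes the '(' at open_idx."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return i + 1
    return len(src)  # unbalanced call: scan to end of file

def audit(src):
    """Return [(line_no, has_readonly)] for each getOpenFileName call."""
    src = STRINGS.sub('""', src)  # literals hold no newlines, so lines keep their numbers
    found = []
    for m in CALL.finditer(src):
        args = src[m.end():call_end(src, m.end() - 1)]
        line_no = src.count("\n", 0, m.start()) + 1
        found.append((line_no, "QFileDialog::ReadOnly" in args))
    return found

# Constructed sample, not taken from unetbootin.cpp: one call without the
# option and one call with it.
SAMPLE = '''\
void before() {
    QString f = QFileDialog::getOpenFileName(this, tr("Open Disk Image File"),
                                             QDir::homePath(), tr("ISO (*.iso)"));
}
void after() {
    QString f = QFileDialog::getOpenFileName(this, tr("Open Disk Image File"),
                                             QDir::homePath(), tr("ISO (*.iso)"),
                                             0, QFileDialog::ReadOnly);
}
'''

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line_no, ok in audit(text):
        print(f"line {line_no}: {'ReadOnly set' if ok else 'ReadOnly MISSING'}")
```

The check is textual, so a call that passes its options through a variable is reported as missing and needs a manual look.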

Geza Kovacs (gezakovacs) wrote :

Issue is fixed in the latest 613 release https://launchpad.net/unetbootin/trunk/613 (not yet on sourceforge, as sourceforge's infrastructure is still down) and can be seen in the PPA at https://launchpad.net/~gezakovacs/+archive/ubuntu/ppa

Changed in unetbootin (Ubuntu):
assignee: nobody → Geza Kovacs (gezakovacs)
status: New → Fix Released
Brian Murray (brian-murray) wrote :

Although this may be fixed in the PPA, this is not fixed in the version of the package which appears in the Ubuntu repository. As such I'm setting the status back to Triaged.

Changed in unetbootin (Ubuntu):
status: Fix Released → Triaged
information type: Public → Public Security
Changed in unetbootin (Ubuntu):
importance: Undecided → High
This report contains Public Security information  
Everyone can see this security related information.
