[Bug 91174] KTorrent security issue with releases <2.1.2 (Breezy - Feisty)
Richard Johnson
nixternal at ubuntu.com
Sat Mar 10 16:38:24 UTC 2007
Public bug reported:
Binary package hint: ktorrent
binary hint: ktorrent
KDE Mailing List Announcement:
http://lists.kde.org/?l=kde-announce&m=117346514411140&w=2
KDE SVN Revision Comments
http://websvn.kde.org/?view=rev&revision=640661
This issue affects all releases prior to the latest 2.1.2 release (from
Breezy to Feisty).
Issues related to the possibility of a DoS or heap corruption by
allowing idx to either be to small (negative) or to large
(chunkcounter.cpp). The other issue is allowing .. in the file names
(torrent.cpp). If ran with the regular user damage could be caused by
overwriting user config files or directories. If ran as root, it could
overwrite system files.
** Affects: ktorrent (Ubuntu)
Importance: Undecided
Status: Unconfirmed
--
KTorrent security issue with releases <2.1.2 (Breezy - Feisty)
https://launchpad.net/bugs/91174
More information about the kubuntu-bugs
mailing list