[Bug 878619] [NEW] Ark directory traversal issue (CVE-2011-2725)
Scott Kitterman
ubuntu at kitterman.com
Thu Oct 20 02:32:08 UTC 2011
*** This bug is a security vulnerability ***
Public security bug reported:
>From the upstream KDE packager's mail list:
In the ark repository (git://anongit.kde.org/ark) there are now patches
to fix a path traversal issue. The CVE ID for this is CVE-2011-2725.
There is no embargo, although I likely won't get a security advisory up
for a day or two. Due to a coordination mishap between us and the
reporter (only discovered earlier today), the details were posted on a
full disclosure list quite some time ago, so please apply these as soon
as possible.
4.5: http://commits.kde.org/ark/6f6c0b1
4.6: http://commits.kde.org/ark/7cf0033
4.7: http://commits.kde.org/ark/ccb5448
master: http://commits.kde.org/ark/e88d227
** Affects: kdeutils (Ubuntu)
Importance: High
Status: Triaged
** Affects: kdeutils (Ubuntu Lucid)
Importance: High
Status: New
** Affects: kdeutils (Ubuntu Maverick)
Importance: High
Status: Triaged
** Affects: kdeutils (Ubuntu Natty)
Importance: High
Status: Triaged
** Affects: kdeutils (Ubuntu Oneiric)
Importance: High
Status: Triaged
** Affects: kdeutils (Ubuntu Precise)
Importance: High
Status: Triaged
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2725
** Visibility changed to: Public
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdeutils in Ubuntu.
https://bugs.launchpad.net/bugs/878619
Title:
Ark directory traversal issue (CVE-2011-2725)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kdeutils/+bug/878619/+subscriptions
More information about the kubuntu-bugs
mailing list