[Bug 1712948] Re: [CVE] KNewstuff downloads can install files outside the extraction directory
Simon Quigley
tsimonq2 at ubuntu.com
Sun Sep 3 11:48:04 UTC 2017
For what it's worth, sponsor, the debdiff includes a reference to a new
tar file that was included, but obviously you can't see that in the
debdiff. Here's a link to it:
https://cgit.kde.org/karchive.git/tree/autotests/tar_relative_path_outside_archive.tar.bz2?id=0cb243
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to karchive in Ubuntu.
https://bugs.launchpad.net/bugs/1712948
Title:
[CVE] KNewstuff downloads can install files outside the extraction
directory
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/karchive/+bug/1712948/+subscriptions
More information about the kubuntu-bugs
mailing list