Tue Nov 15 14:33:58 UTC 2011

author: Parabola <dev@list.parabolagnulinux.org> 2011-11-15 14:34:01 +0000
committer: Parabola <dev@list.parabolagnulinux.org> 2011-11-15 14:34:01 +0000
commit: 28b13b7e8e6e1e4fa1593f0dfb1c37569f2f90a8 (patch)
tree: b5961b2312f5afe599dba0d1b9a3b6f6e3d04091 /extra/kdeutils
parent: 3d151dfc8e08b65c2c1d4b5e8081562d56ee7d41 (diff)
1 files changed, 0 insertions, 20 deletions
diff --git a/extra/kdeutils/CVE-2011-2725.patch b/extra/kdeutils/CVE-2011-2725.patch
deleted file mode 100644
index 986bebc90..000000000
--- a/extra/kdeutils/CVE-2011-2725.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- a/part/part.cpp
-+++ b/part/part.cpp
-@@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo
-     if (!job->error()) {
-         const ArchiveEntry& entry =
-             m_model->entryForIndex(m_view->selectionModel()->currentIndex());
--        const QString fullName =
--            m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString();
-+
-+        QString fullName =
-+            m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString();
-+
-+        // Make sure a maliciously crafted archive with parent folders named ".." do
-+        // not cause the previewed file path to be located outside the temporary
-+        // directory, resulting in a directory traversal issue.
-+        fullName.remove(QLatin1String("../"));
-+
-         ArkViewer::view(fullName, widget());
-     } else {
-         KMessageBox::error(widget(), job->errorString());
author	Parabola <dev@list.parabolagnulinux.org>	2011-11-15 14:34:01 +0000
committer	Parabola <dev@list.parabolagnulinux.org>	2011-11-15 14:34:01 +0000
commit	28b13b7e8e6e1e4fa1593f0dfb1c37569f2f90a8 (patch)
tree	b5961b2312f5afe599dba0d1b9a3b6f6e3d04091 /extra/kdeutils
parent	3d151dfc8e08b65c2c1d4b5e8081562d56ee7d41 (diff)