diff options
Diffstat (limited to 'extra/kdeutils')
| -rw-r--r-- | extra/kdeutils/CVE-2011-2725.patch | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/extra/kdeutils/CVE-2011-2725.patch b/extra/kdeutils/CVE-2011-2725.patch deleted file mode 100644 index 986bebc90..000000000 --- a/extra/kdeutils/CVE-2011-2725.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- a/part/part.cpp -+++ b/part/part.cpp -@@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo - if (!job->error()) { - const ArchiveEntry& entry = - m_model->entryForIndex(m_view->selectionModel()->currentIndex()); -- const QString fullName = -- m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString(); -+ -+ QString fullName = -+ m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString(); -+ -+ // Make sure a maliciously crafted archive with parent folders named ".." do -+ // not cause the previewed file path to be located outside the temporary -+ // directory, resulting in a directory traversal issue. -+ fullName.remove(QLatin1String("../")); -+ - ArkViewer::view(fullName, widget()); - } else { - KMessageBox::error(widget(), job->errorString()); |