[okular] [Bug 398096] Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation
Albert Astals Cid
bugzilla_noreply at kde.org
Mon Sep 3 20:15:09 BST 2018
https://bugs.kde.org/show_bug.cgi?id=398096
Albert Astals Cid <aacid at kde.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Latest Commit| |https://commits.kde.org/oku
| |lar/8ff7abc14d41906ad978b6b
| |c67e69693863b9d47
Status|CONFIRMED |RESOLVED
--- Comment #3 from Albert Astals Cid <aacid at kde.org> ---
Git commit 8ff7abc14d41906ad978b6bc67e69693863b9d47 by Albert Astals Cid.
Committed on 03/09/2018 at 19:14.
Pushed by aacid into branch 'Applications/18.08'.
Fix path traversal issue when extracting an .okular file
Summary:
With specially crafted .okular files you can trick okular to create temporary
files outside the temporary folder
We fix that by making sure the file doesn't have folders since the ones we
create don't
Subscribers: okular-devel
Tags: #okular
Differential Revision: https://phabricator.kde.org/D15192
M +12 -0 core/document.cpp
https://commits.kde.org/okular/8ff7abc14d41906ad978b6bc67e69693863b9d47
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Okular-devel
mailing list