https://nvd.nist.gov/vuln/detail/CVE-2018-1000801
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 I started to look at this a few days ago, but eventually persuaded myself that we were using 18.08.1 which is fixed. I'm obviously getting flakier than I thought. Now that I've built plasma (possibly - see support) I can see that I had not downloaded the KF5 applications I build (most of what is in the book, except kdenlive which I have no use for and where I loathe its string of static-library dependencies, plus some others. Should we just update okular to 18.08.1 ? Or use 18.08.3 ? ĸen -- If a man stands before a mirror and sees in it his reflection, what he sees is not a true reproduction, but a picture of himself when he was a younger man. -- de Selby -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
