Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:dolphin
User: [email protected]
Usertags: pu

  * CVE-2026-41525: Sandbox escape
diffstat for dolphin-25.04.3 dolphin-25.04.3

 changelog                                                               |    7 
+
 patches/0001-dolphinviewcontainer-do-not-implicitly-open-director.patch |   44 
++++++++++
 patches/series                                                          |    1 
 3 files changed, 52 insertions(+)

diff -Nru dolphin-25.04.3/debian/changelog dolphin-25.04.3/debian/changelog
--- dolphin-25.04.3/debian/changelog    2025-07-23 09:19:05.000000000 +0300
+++ dolphin-25.04.3/debian/changelog    2026-07-02 20:11:18.000000000 +0300
@@ -1,3 +1,10 @@
+dolphin (4:25.04.3-1+deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2026-41525: Sandbox escape
+
+ -- Adrian Bunk <[email protected]>  Thu, 02 Jul 2026 20:11:18 +0300
+
 dolphin (4:25.04.3-1) unstable; urgency=medium
 
   [ Aurélien COUDERC ]
diff -Nru 
dolphin-25.04.3/debian/patches/0001-dolphinviewcontainer-do-not-implicitly-open-director.patch
 
dolphin-25.04.3/debian/patches/0001-dolphinviewcontainer-do-not-implicitly-open-director.patch
--- 
dolphin-25.04.3/debian/patches/0001-dolphinviewcontainer-do-not-implicitly-open-director.patch
      1970-01-01 02:00:00.000000000 +0200
+++ 
dolphin-25.04.3/debian/patches/0001-dolphinviewcontainer-do-not-implicitly-open-director.patch
      2026-07-02 20:10:57.000000000 +0300
@@ -0,0 +1,44 @@
+From cfd995e74fd5ab716e21231f8bf63e8aa508c2a4 Mon Sep 17 00:00:00 2001
+From: Harald Sitter <[email protected]>
+Date: Tue, 10 Feb 2026 12:55:11 +0100
+Subject: dolphinviewcontainer: do not implicitly open directories as files
+
+we already have xdg-run, we don't need another runner interface ;)
+
+notably if the user disabled the ask-before-execute guard rail from KIO,
+they would also implicitly allow other applications to execute any file
+by invoking it through dolphin, that would be a bit silly and isn't the
+point of the guard rail opt-out.
+
+when detecting a file we now instead open the parent
+
+Should improve
+CCBUG: 516830
+---
+ src/dolphinviewcontainer.cpp | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/src/dolphinviewcontainer.cpp b/src/dolphinviewcontainer.cpp
+index e13f4a87b..10567db85 100644
+--- a/src/dolphinviewcontainer.cpp
++++ b/src/dolphinviewcontainer.cpp
+@@ -724,15 +724,7 @@ void DolphinViewContainer::slotUrlIsFileError(const QUrl 
&url)
+ {
+     const KFileItem item(url);
+ 
+-    // Find out if the file can be opened in the view (for example, this is 
the
+-    // case if the file is an archive). The mime type must be known for that.
+-    item.determineMimeType();
+-    const QUrl &folderUrl = DolphinView::openItemAsFolderUrl(item, true);
+-    if (!folderUrl.isEmpty()) {
+-        setUrl(folderUrl);
+-    } else {
+-        slotItemActivated(item);
+-    }
++    setUrl(KIO::upUrl(item.url()));
+ }
+ 
+ void DolphinViewContainer::slotItemActivated(const KFileItem &item)
+-- 
+2.47.3
+
diff -Nru dolphin-25.04.3/debian/patches/series 
dolphin-25.04.3/debian/patches/series
--- dolphin-25.04.3/debian/patches/series       2025-07-23 09:19:05.000000000 
+0300
+++ dolphin-25.04.3/debian/patches/series       2026-07-02 20:11:16.000000000 
+0300
@@ -7,3 +7,4 @@
 
upstream_3e4d9ca1_fix-incorrect-view-reset-when-unmounting-similarly-named-devices.patch
 
upstream_6dd55251_DolphinView-display-errorMessage-when-copy-errors-occurs.patch
 
upstream_c4ffe88c_DolphinView-display-errorMessage-when-copy-errors-occurs.patch
+0001-dolphinviewcontainer-do-not-implicitly-open-director.patch

Reply via email to