> On May 12, 2015, 3:49 p.m., Jan Kundrát wrote:
> > Was the old code a part of some release? If yes, this should get a CVE
> > security announcement because it allows a local attacker to e.g. force you
> > to overwrite some of your user's files.

It looks like it was introduced in 999e774b3ce117598df2029364bd10f4347be81c and released in 0.2.0 and later.

- Michael

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/123724/#review80247
-----------------------------------------------------------

On May 12, 2015, 12:49 p.m., Michael Palimaka wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/123724/
> -----------------------------------------------------------
>
> (Updated May 12, 2015, 12:49 p.m.)
>
>
> Review request for KDE Frameworks and KDEPIM.
>
>
> Repository: kpeople
>
>
> Description
> -------
>
> Hardcoding files like this seems like a bad idea.
>
>
> Diffs
> -----
>
>   autotests/persondatatests.h 30eeeb5cd647c713f1b438543a54516ced9f3ede
>   autotests/persondatatests.cpp 73098d3717509ad80761bbd02000b4ce5060bbb2
>   autotests/personsmodeltest.h 5b8879521f334459c4f73c2708b3368c543e40a3
>   autotests/personsmodeltest.cpp b19d1baf8a2c2e617d4b6128df29fbab3b8e61a7
>
> Diff: https://git.reviewboard.kde.org/r/123724/diff/
>
>
> Testing
> -------
>
> Tests still pass.
>
>
> Thanks,
>
> Michael Palimaka
>
>