[okular] [Bug 398096] Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation
https://bugs.kde.org/show_bug.cgi?id=398096 Nate Graham changed: What|Removed |Added CC||n...@kde.org Version Fixed In||18.08.1 -- You are receiving this mail because: You are watching all bug changes.
[okular] [Bug 398096] Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation
https://bugs.kde.org/show_bug.cgi?id=398096 Albert Astals Cid changed: What|Removed |Added Resolution|--- |FIXED Latest Commit||https://commits.kde.org/oku ||lar/8ff7abc14d41906ad978b6b ||c67e69693863b9d47 Status|CONFIRMED |RESOLVED --- Comment #3 from Albert Astals Cid --- Git commit 8ff7abc14d41906ad978b6bc67e69693863b9d47 by Albert Astals Cid. Committed on 03/09/2018 at 19:14. Pushed by aacid into branch 'Applications/18.08'. Fix path traversal issue when extracting an .okular file Summary: With specially crafted .okular files you can trick okular to create temporary files outside the temporary folder We fix that by making sure the file doesn't have folders since the ones we create don't Subscribers: okular-devel Tags: #okular Differential Revision: https://phabricator.kde.org/D15192 M +12 -0core/document.cpp https://commits.kde.org/okular/8ff7abc14d41906ad978b6bc67e69693863b9d47 -- You are receiving this mail because: You are watching all bug changes.
[okular] [Bug 398096] Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation
https://bugs.kde.org/show_bug.cgi?id=398096 Albert Astals Cid changed: What|Removed |Added Status|UNCONFIRMED |CONFIRMED Ever confirmed|0 |1 --- Comment #2 from Albert Astals Cid --- My suggestion at https://phabricator.kde.org/D15192 -- You are receiving this mail because: You are watching all bug changes.
[okular] [Bug 398096] Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation
https://bugs.kde.org/show_bug.cgi?id=398096 Albert Astals Cid changed: What|Removed |Added CC||aa...@kde.org --- Comment #1 from Albert Astals Cid --- You should never run okular as root, that's just bad practice and there's really no reason for anyone be doing that. Anyhow i guess the problem applies for regular users too -- You are receiving this mail because: You are watching all bug changes.
[okular] [Bug 398096] Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation
https://bugs.kde.org/show_bug.cgi?id=398096 Joran Hervé changed: What|Removed |Added CC||joran.he...@gmail.com -- You are receiving this mail because: You are watching all bug changes.
