This bug was fixed in the package ark - 4:15.12.3-0ubuntu1.1
---
ark (4:15.12.3-0ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: Stop running executables when opening urls (LP: #1655507)
- debian/patches/00_disable_open_functionality.patch
- CVE-2017-5530
--
This bug was fixed in the package ark - 4:16.04.3a-0ubuntu2.2
---
ark (4:16.04.3a-0ubuntu2.2) yakkety-security; urgency=medium
* SECURITY UPDATE:unintended execution of scripts and executable files
- debian/patches/no-exec-during-url-open.patch
- Thanks to Fabian Vogt
** Changed in: ark (Ubuntu Yakkety)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1655507
Title:
CVE-2017-5330 - Ark: unintended execution of scripts and
** Changed in: ark (Ubuntu Zesty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1655507
Title:
CVE-2017-5330 - Ark: unintended execution of scripts and
On 20/01/17 03:42, Simon Quigley wrote:
> I'm marking this as Fix Committed in Zesty, and if someone could mark
> this as Fix Released once it gets through to zesty-release, that would
> be great. Looks like someone forgot to put this bug number in the
> changelog.
I did, thanks.
--
You
KDE Applications 16.12.1 seems to be uploaded to Zesty (excluding PIM)
and it includes Ark 16.12.1, which has this fix baked in.
https://launchpad.net/ubuntu/+source/ark/4:16.12.1-0ubuntu1
I'm marking this as Fix Committed in Zesty, and if someone could mark
this as Fix Released once it gets
New debdiff.patch that conforms ubuntu security sponsorship procedures
** Patch added: "debdiff.patch"
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1655507/+attachment/4806031/+files/debdiff.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Subscribing ubuntu-security-sponsors so this gets looked at.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1655507
Title:
CVE-2017-5330 - Ark: unintended execution of scripts and executable
files
On 17/01/17 08:52, visred wrote:
> I tested it and no problems on yakkety. I was trying to send a merge
> proposal but I am unable to find the bzr branch.
>
> Although ark is present at lp:ark , bzr can't pull from there for some
> reason. Tried using git too. Still can't find the branch.
Here:
I tested it and no problems on yakkety. I was trying to send a merge
proposal but I am unable to find the bzr branch.
Although ark is present at lp:ark , bzr can't pull from there for some
reason. Tried using git too. Still can't find the branch.
** CVE added: http://www.cve.mitre.org/cgi-
I am including a debdiff for yakkety
Clive if you want I can build it in my ppa. I already started building
for yakkety. Please test it and sponsor these diffs
https://launchpad.net/~visred/+archive/ubuntu/rel-ppa/+packages
** Attachment added: "debdiff-yakkety"
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1655507
Title:
CVE-2017-5330 - Ark: unintended execution of scripts and executable
files
To manage notifications about this bug
I have a debdiff for Xenial, but due to my lack of resources (pathetic
slow internet and old system) I can't test it.
https://launchpad.net/~kubuntu-
ninjas/+archive/ubuntu/ppa/+packages?field.name_filter=ark_filter=published_filter=
** Patch added: "ark_15.12.3-0ubuntu1.1.debdiff"
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
14 matches
Mail list logo