Public bug reported:

Binary package hint: ktorrent

binary hint: ktorrent

KDE Mailing List Announcement:
  http://lists.kde.org/?l=kde-announce&m=117346514411140&w=2

KDE SVN Revision Comments
  http://websvn.kde.org/?view=rev&revision=640661

This issue affects all releases prior to the latest 2.1.2 release (from
Breezy to Feisty).

Issues related to the possibility of a DoS or heap corruption by
allowing idx to either be to small (negative) or to large
(chunkcounter.cpp). The other issue is allowing .. in the file names
(torrent.cpp). If ran with the regular user damage could be caused by
overwriting user config files or directories. If ran as root, it could
overwrite system files.

** Affects: ktorrent (Ubuntu)
     Importance: Undecided
         Status: Unconfirmed

-- 
KTorrent security issue with releases <2.1.2 (Breezy - Feisty)
https://launchpad.net/bugs/91174

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to