Public bug reported: Binary package hint: ktorrent
binary hint: ktorrent KDE Mailing List Announcement: http://lists.kde.org/?l=kde-announce&m=117346514411140&w=2 KDE SVN Revision Comments http://websvn.kde.org/?view=rev&revision=640661 This issue affects all releases prior to the latest 2.1.2 release (from Breezy to Feisty). Issues related to the possibility of a DoS or heap corruption by allowing idx to either be to small (negative) or to large (chunkcounter.cpp). The other issue is allowing .. in the file names (torrent.cpp). If ran with the regular user damage could be caused by overwriting user config files or directories. If ran as root, it could overwrite system files. ** Affects: ktorrent (Ubuntu) Importance: Undecided Status: Unconfirmed -- KTorrent security issue with releases <2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
