group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #11436
[Bug 1668552] Re: KDE Project Security Advisory: ktnef: Directory Traversal
This bug was fixed in the package ktnef - 4:16.04.3-0ubuntu1.1
---------------
ktnef (4:16.04.3-0ubuntu1.1) yakkety-security; urgency=medium
* SECURITY UPDATE: Malicious writes during directory traversal.
- debian/patches/directory-traversal.patch
- Thanks to Eric Sesterhenn for reporting this issue, Albert Astals
Cid for fixing this issue.
- No CVE number.
- fixes (LP: #1668552)
-- vishnu@xxxxxxxxxxxxxxx (v.naini) Wed, 01 Mar 2017 13:53:49 +0530
** Changed in: ktnef (Ubuntu Yakkety)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668552
Title:
KDE Project Security Advisory: ktnef: Directory Traversal
Status in kdepim package in Ubuntu:
Invalid
Status in ktnef package in Ubuntu:
Fix Released
Status in kdepim source package in Trusty:
New
Status in ktnef source package in Xenial:
New
Status in ktnef source package in Yakkety:
Fix Released
Bug description:
KDE Project Security Advisory
=============================
Title: ktnef: Directory Traversal
Risk Rating: Medium
CVE: TBC
Versions: ktnef <= 5.4.2 (KDE Applications 16.12.2)
Date: 27 February 2017
Overview
========
A directory traversal issue was found in ktnef which can
be exploited by tricking a user into opening a malicious winmail.dat file.
The issue allows to write files with the permission of the user opening
the winmail.dat file during extraction.
Solution
========
Update to ktnef >= 5.4.3 (KDE Applications 16.12.3) (when released)
Or apply the following patch:
https://commits.kde.org/ktnef/4ff38aa15487d69021aacad4b078500f77fb4ae8
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1668552/+subscriptions
