← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1668552] Re: KDE Project Security Advisory: ktnef: Directory Traversal

 

This bug was fixed in the package ktnef - 4:15.12.3-0ubuntu1.1

---------------
ktnef (4:15.12.3-0ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Malicious writes during directory traversal.
      - debian/patches/directory-traversal.patch
      - Thanks to Eric Sesterhenn for reporting this issue, Albert Astals
        Cid for fixing this issue.
      - No CVE number.
      - fixes (LP: #1668552)

 -- vishnu@xxxxxxxxxxxxxxx (v.naini)  Thu, 02 Mar 2017 20:58:12 +0530

** Changed in: ktnef (Ubuntu Xenial)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668552

Title:
  KDE Project Security Advisory: ktnef: Directory Traversal

Status in kdepim package in Ubuntu:
  Invalid
Status in ktnef package in Ubuntu:
  Fix Released
Status in kdepim source package in Trusty:
  Incomplete
Status in ktnef source package in Xenial:
  Fix Released
Status in ktnef source package in Yakkety:
  Fix Released

Bug description:
  KDE Project Security Advisory
  =============================

  Title:          ktnef: Directory Traversal
  Risk Rating:    Medium
  CVE:            TBC
  Versions:       ktnef <= 5.4.2 (KDE Applications 16.12.2)
  Date:           27 February 2017

  
  Overview
  ========
  A directory traversal issue was found in ktnef which can
  be exploited by tricking a user into opening a malicious winmail.dat file.
  The issue allows to write files with the permission of the user opening
  the winmail.dat file during extraction.

  
  Solution
  ========
  Update to ktnef >= 5.4.3 (KDE Applications 16.12.3) (when released)

  Or apply the following patch:
  https://commits.kde.org/ktnef/4ff38aa15487d69021aacad4b078500f77fb4ae8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1668552/+subscriptions