[Bug 757526] [NEW] Updated fix for CVE-2010-1000
Felix Geyer
debfx-pkg at fobos.de
Mon Apr 11 13:27:31 UTC 2011
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: kdenetwork
KDE has updated the fix for CVE-2010-1000.
The previous patch still allows up traversal at the beginning, e.g. "../foo/bar".
Patches:
4.4 branch: http://websvn.kde.org/?view=revision&revision=1227468
4.5 branch: http://websvn.kde.org/?view=revision&revision=1227469
kdenetwork 4:4.6.2-0ubuntu3 in natty and kdenetwork
4.5.5-0ubuntu2 in the maverick-proposed queue are already patched.
** Affects: kdenetwork (Ubuntu)
Importance: Undecided
Status: New
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-1000
** Visibility changed to: Public
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdenetwork in Ubuntu.
https://bugs.launchpad.net/bugs/757526
Title:
Updated fix for CVE-2010-1000
More information about the kubuntu-bugs
mailing list