* [gentoo-commits] gentoo-x86 commit in kde-base/kget/files: kget-4.6.2-metalinker.patch
@ 2011-05-14 13:43 Andreas Hüttel (dilfridge)
From: Andreas Hüttel (dilfridge) @ 2011-05-14 13:43 UTC
To: gentoo-commits
dilfridge 11/05/14 13:43:34
Added: kget-4.6.2-metalinker.patch
Log:
Add upstream security patch, CVE-2010-1000
(Portage version: 2.1.9.49/cvs/Linux x86_64)
Revision Changes Path
1.1 kde-base/kget/files/kget-4.6.2-metalinker.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/kget/files/kget-4.6.2-metalinker.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/kget/files/kget-4.6.2-metalinker.patch?rev=1.1&content-type=text/plain
Index: kget-4.6.2-metalinker.patch
===================================================================
--- branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp 2010/12/22 13:31:19 1208598
+++ branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp 2011/04/09 09:26:37 1227471
@@ -583,7 +583,13 @@
return false;
}
- if (name.contains(QRegExp("$(\\.\\.?)?/")) || name.contains("/../") || name.endsWith("/..")) {
+ if (name.endsWith('/')) {
+ kError(5001) << "Name attribute of Metalink::File does not contain a file name:" << name;
+ return false;
+ }
+
+ const QStringList components = name.split('/');
+ if (name.startsWith('/') || components.contains("..") || components.contains(".")) {
kError(5001) << "Name attribute of Metalink::File contains directory traversal directives:" << name;
return false;
}
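Review bot: `name.split('/')` treats only the forward slash as a path separator, so a name written with backslashes stays a single component and the `components.contains("..")` test never sees its `..` parts. If this code can run on a platform where `\` separates directories, reject names containing `\` or normalise separators before the split. Two smaller points: an empty `name` passes both new conditions (`endsWith('/')` is false and the only component is an empty string), so confirm that the check ending in the `return false;` context above already covers it; and a short comment above the split stating that the name must be a relative path with no `.` or `..` components would document the intent, since the second error message is now also used for absolute paths and for `.` components. A unit test with names such as `../x`, `/x`, `a/../b`, `a/..`, `./x` and `x/` would pin the behaviour down.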
* [gentoo-commits] gentoo-x86 commit in kde-base/kget/files: kget-4.6.2-metalinker.patch
@ 2011-12-12 1:16 Jonathan Callen (abcd)
From: Jonathan Callen (abcd) @ 2011-12-12 1:16 UTC
To: gentoo-commits
abcd 11/12/12 01:16:53
Removed: kget-4.6.2-metalinker.patch
Log:
rm old files
(Portage version: 2.2.0_alpha80/cvs/Linux x86_64)