Source: okular Version: 4:17.12.2-2 Severity: important Tags: patch security upstream Forwarded: https://bugs.kde.org/show_bug.cgi?id=398096
Hi, The following vulnerability was published for okular. CVE-2018-1000801[0]: | okular version 18.08 and earlier contains a Directory Traversal | vulnerability in function "unpackDocumentArchive(...)" in | "core/document.cpp" that can result in Arbitrary file creation on the | user workstation. This attack appear to be exploitable via he victim | must open a specially crafted Okular archive. This issue appears to | have been corrected in version 18.08.1 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-1000801 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000801 [1] https://bugs.kde.org/show_bug.cgi?id=398096 [2] https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
