Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: pu
Hello,

[ Disclaimer: I've already asked the security team about this upload and they told me to do it via s-p-u ]

This upload would contain a patch that improves the fix for CVE-2010-1000. Change-by-change details are below, while the full diff is attached.

 * Add cve_2010_1000_directory_traversal.diff, note that CVE-2010-1000 was
   already fixed, but this patch performs a better protection against that
   vulnerability.
   http://git.debian.org/?p=pkg-kde/kde-sc/kdenetwork.git;a=commit;h=f18dc

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (110, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog index 1dc6e8e..45a905d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +kdenetwork (4:4.4.5-2+squeeze1) UNRELEASED; urgency=low + + * Add cve_2010_1000_directory_traversal.diff, note that CVE-2010-1000 was + already fixed, but this patch performs a better protection against that + vulnerability. + + -- José Manuel SantamarÃa Lema <panfa...@gmail.com> Sun, 17 Apr 2011 20:04:11 +0200 + kdenetwork (4:4.4.5-2) unstable; urgency=low * Point debian/control Vcs fields to the new Git repository. diff --git a/debian/patches/cve_2010_1000_directory_traversal.diff b/debian/patches/cve_2010_1000_directory_traversal.diff new file mode 100644 index 0000000..125f104 --- /dev/null +++ b/debian/patches/cve_2010_1000_directory_traversal.diff @@ -0,0 +1,21 @@ +Origin: http://websvn.kde.org/?view=revision&revision=1227468 +Description: Further addresses CVE-2010-1000. + The file name of Metalink File is checked a better way, making it work under + more conditions. +--- a/kget/ui/metalinkcreator/metalinker.cpp ++++ b/kget/ui/metalinkcreator/metalinker.cpp +@@ -583,7 +583,13 @@ + return false; + } + +- if (name.contains(QRegExp("$(\\.\\.?)?/")) || name.contains("/../") || name.endsWith("/..")) { ++ if (name.endsWith('/')) { ++ kError(5001) << "Name attribute of Metalink::File does not contain a file name:" << name; ++ return false; ++ } ++ ++ const QStringList components = name.split('/'); ++ if (name.startsWith('/') || components.contains("..") || components.contains(".")) { + kError(5001) << "Name attribute of Metalink::File contains directory traversal directives:" << name; + return false; + } diff --git a/debian/patches/series b/debian/patches/series index 899f203..b50afdb 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ 01_backport_use_system_libktorrent.diff 02_debian_libktorrent_porting.diff 03_kopete_icq_login_fix.diff +cve_2010_1000_directory_traversal.diff
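Review bot: the new stanza at the top of debian/changelog still has its distribution set to UNRELEASED, which has to be switched to the target stable suite before the package can go to s-p-u. The maintainer name on the trailer line also arrives here as "SantamarÃa", so check that the changelog in the actual upload is valid UTF-8 and that the garbling is only in the mail. The entry text would be more useful to the release team if it named what the patch changes (the file name check for Metalink files in kget) instead of only saying it "performs a better protection".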
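Review bot: in the kget/ui/metalinkcreator/metalinker.cpp hunk, an empty name passes both new conditions, since name.endsWith('/') is false and name.split('/') yields a single empty component that is neither ".." nor "."; please confirm that the check whose "return false;" is visible in the context just above already rejects an empty name, or add name.isEmpty() to the first new condition. The name.startsWith('/') case is reported with the "contains directory traversal directives" message, although it is an absolute path; a separate kError line for it would make the log easier to act on. The check is lexical and splits on '/' only, which is worth stating in the patch header: the Description ("checked a better way, making it work under more conditions") should list what is now rejected, namely a trailing '/', a leading '/', and any "." or ".." component.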