Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: [email protected], [email protected] Control: affects -1 + src:dolphin User: [email protected] Usertags: pu
* CVE-2026-41525: Sandbox escape
diffstat for dolphin-25.04.3 dolphin-25.04.3 changelog | 7 + patches/0001-dolphinviewcontainer-do-not-implicitly-open-director.patch | 44 ++++++++++ patches/series | 1 3 files changed, 52 insertions(+) diff -Nru dolphin-25.04.3/debian/changelog dolphin-25.04.3/debian/changelog --- dolphin-25.04.3/debian/changelog 2025-07-23 09:19:05.000000000 +0300 +++ dolphin-25.04.3/debian/changelog 2026-07-02 20:11:18.000000000 +0300 @@ -1,3 +1,10 @@ +dolphin (4:25.04.3-1+deb13u1) trixie; urgency=medium + + * Non-maintainer upload. + * CVE-2026-41525: Sandbox escape + + -- Adrian Bunk <[email protected]> Thu, 02 Jul 2026 20:11:18 +0300 + dolphin (4:25.04.3-1) unstable; urgency=medium [ Aurélien COUDERC ] diff -Nru dolphin-25.04.3/debian/patches/0001-dolphinviewcontainer-do-not-implicitly-open-director.patch dolphin-25.04.3/debian/patches/0001-dolphinviewcontainer-do-not-implicitly-open-director.patch --- dolphin-25.04.3/debian/patches/0001-dolphinviewcontainer-do-not-implicitly-open-director.patch 1970-01-01 02:00:00.000000000 +0200 +++ dolphin-25.04.3/debian/patches/0001-dolphinviewcontainer-do-not-implicitly-open-director.patch 2026-07-02 20:10:57.000000000 +0300 @@ -0,0 +1,44 @@ +From cfd995e74fd5ab716e21231f8bf63e8aa508c2a4 Mon Sep 17 00:00:00 2001 +From: Harald Sitter <[email protected]> +Date: Tue, 10 Feb 2026 12:55:11 +0100 +Subject: dolphinviewcontainer: do not implicitly open directories as files + +we already have xdg-run, we don't need another runner interface ;) + +notably if the user disabled the ask-before-execute guard rail from KIO, +they would also implicitly allow other applications to execute any file +by invoking it through dolphin, that would be a bit silly and isn't the +point of the guard rail opt-out. + +when detecting a file we now instead open the parent + +Should improve +CCBUG: 516830 +--- + src/dolphinviewcontainer.cpp | 10 +--------- + 1 file changed, 1 insertion(+), 9 deletions(-) + +diff --git a/src/dolphinviewcontainer.cpp b/src/dolphinviewcontainer.cpp +index e13f4a87b..10567db85 100644 +--- a/src/dolphinviewcontainer.cpp ++++ b/src/dolphinviewcontainer.cpp +@@ -724,15 +724,7 @@ void DolphinViewContainer::slotUrlIsFileError(const QUrl &url) + { + const KFileItem item(url); + +- // Find out if the file can be opened in the view (for example, this is the +- // case if the file is an archive). The mime type must be known for that. +- item.determineMimeType(); +- const QUrl &folderUrl = DolphinView::openItemAsFolderUrl(item, true); +- if (!folderUrl.isEmpty()) { +- setUrl(folderUrl); +- } else { +- slotItemActivated(item); +- } ++ setUrl(KIO::upUrl(item.url())); + } + + void DolphinViewContainer::slotItemActivated(const KFileItem &item) +-- +2.47.3 + diff -Nru dolphin-25.04.3/debian/patches/series dolphin-25.04.3/debian/patches/series --- dolphin-25.04.3/debian/patches/series 2025-07-23 09:19:05.000000000 +0300 +++ dolphin-25.04.3/debian/patches/series 2026-07-02 20:11:16.000000000 +0300 @@ -7,3 +7,4 @@ upstream_3e4d9ca1_fix-incorrect-view-reset-when-unmounting-similarly-named-devices.patch upstream_6dd55251_DolphinView-display-errorMessage-when-copy-errors-occurs.patch upstream_c4ffe88c_DolphinView-display-errorMessage-when-copy-errors-occurs.patch +0001-dolphinviewcontainer-do-not-implicitly-open-director.patch

