[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
* Trying to backport ktorrent... - ktorrent_2.1.orig.tar.gz: downloading from librarian - ktorrent_2.1-0ubuntu2.diff.gz: downloading from librarian - ktorrent_2.1-0ubuntu2.dsc: downloading from librarian I: Extracting ktorrent_2.1-0ubuntu2.dsc ... done. I: Building backport of ktorrent-2.1 as 2.1-0ubuntu2~edgy1 ... done. ** Changed in: edgy-backports (upstream) Status: In Progress = Fix Released -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
* Trying to backport ktorrent... - ktorrent_2.1.orig.tar.gz: downloading from librarian - ktorrent_2.1-0ubuntu2.diff.gz: downloading from librarian - ktorrent_2.1-0ubuntu2.dsc: downloading from librarian I: Extracting ktorrent_2.1-0ubuntu2.dsc ... done. I: Building backport of ktorrent-2.1 as 2.1-0ubuntu2~dapper1 ... done. ** Changed in: dapper-backports (upstream) Status: In Progress = Fix Released -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
Feisty version also approved for edgy and dapper backports to fix this USN for Backports users. ** Also affects: dapper-backports (upstream) Importance: Undecided Status: Unconfirmed ** Also affects: edgy-backports (upstream) Importance: Undecided Status: Unconfirmed ** Changed in: dapper-backports (upstream) Status: Unconfirmed = In Progress ** Changed in: edgy-backports (upstream) Status: Unconfirmed = In Progress -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
You're welcome! Thanks again for getting the patches ready. :) For completeness, the USN for this update is: http://www.ubuntu.com/usn/usn-436-1 -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
Thanks for getting these put together. I'll test them all including breezy. I adjusted your debdiffs to include the assigned CVEs, and to use the -security pocket. ** Changed in: ktorrent (Ubuntu Feisty) Assignee: (unassigned) = Kees Cook ** Changed in: ktorrent (Ubuntu Edgy) Assignee: (unassigned) = Kees Cook ** Changed in: ktorrent (Ubuntu Dapper) Assignee: (unassigned) = Kees Cook ** Changed in: ktorrent (Ubuntu Breezy) Assignee: (unassigned) = Kees Cook -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
Hm, looks like the patch system in the dapper and edgy packages need manual changes to the debian/rules files. I've adjusted them. -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
Kees, Rock on! Thanks for helping me with this. If you have any issues, just ping me on IRC this evening as I will be around to help out if needed. Thanks again! -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
** Changed in: ktorrent (Ubuntu Feisty) Status: Fix Committed = Fix Released ** Changed in: ktorrent (Ubuntu Edgy) Status: Fix Committed = Fix Released ** Changed in: ktorrent (Ubuntu Dapper) Status: Fix Committed = Fix Released ** Changed in: ktorrent (Ubuntu Breezy) Status: Fix Committed = Fix Released -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
IGNORE PREVIOUS ATTACHMENTS - TYPO -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
Edgy fix ** Attachment added: Edgy fix (debdiff) http://librarian.launchpad.net/6728790/kubuntu_edgy.debdiff -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
Dapper fix ** Attachment added: Dapper fix (debdiff) http://librarian.launchpad.net/6728791/ktorrent_dapper.debdiff ** Changed in: ktorrent (Ubuntu Edgy) Status: Confirmed = Fix Committed ** Changed in: ktorrent (Ubuntu Dapper) Status: Confirmed = Fix Committed -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
Feisty fix ** Attachment added: Feisty fix (debdiff) http://librarian.launchpad.net/6728799/ktorrent_feisty.debdiff ** Changed in: ktorrent (Ubuntu Feisty) Status: Confirmed = Fix Committed -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
Breezy Fix - someone with a Breezy setup double test this for me please. Thanks! ** Attachment added: Breezy fix (debdiff) http://librarian.launchpad.net/6728993/ktorrent_breezy.debdiff ** Changed in: ktorrent (Ubuntu Breezy) Status: Confirmed = Fix Committed -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
91172 in progress. accidental double posting? ** Changed in: ktorrent (Ubuntu) Status: Unconfirmed = Rejected -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
(from 91172, now dup'd) http://websvn.kde.org/?view=revrevision=640661 From a quick review, the changes to torrent.cpp are to stop arbitrary path overwrites, and the other changes are to protect against heap corruption. I haven't studied the code paths too much, but it feels like a very dedicated attacker could manage to get arbitrary code execution. ** Changed in: ktorrent (Ubuntu) Importance: Undecided = Medium Status: Rejected = Confirmed ** Changed in: ktorrent (Ubuntu Edgy) Importance: Undecided = Medium Status: Unconfirmed = Confirmed ** Changed in: ktorrent (Ubuntu Dapper) Importance: Undecided = Medium Status: Unconfirmed = Confirmed ** Changed in: ktorrent (Ubuntu Breezy) Importance: Undecided = Medium Status: Unconfirmed = Confirmed ** This bug has been flagged as a security issue -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
Edgy debdiff ** Attachment added: Edgy fix http://librarian.launchpad.net/6724747/ktorrent_edgy.debdiff -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 91174] Re: KTorrent security issue with releases 2.1.2 (Breezy - Feisty)
Dapper debdiff ** Attachment added: Dapper fix http://librarian.launchpad.net/6724838/ktorrent_dapper.debdiff -- KTorrent security issue with releases 2.1.2 (Breezy - Feisty) https://launchpad.net/bugs/91174 -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs