This bug was fixed in the package ark - 4:15.12.3-0ubuntu1.1
---
ark (4:15.12.3-0ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: Stop running executables when opening urls (LP: #1655507)
- debian/patches/00_disable_open_functionality.patch
- CVE-2017-5530
--
** Changed in: ark (Ubuntu Yakkety)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ark in Ubuntu.
https://bugs.launchpad.net/bugs/1655507
Title:
CVE-2017-5330 - Ark: unintended execution of scripts
On 20/01/17 03:42, Simon Quigley wrote:
> I'm marking this as Fix Committed in Zesty, and if someone could mark
> this as Fix Released once it gets through to zesty-release, that would
> be great. Looks like someone forgot to put this bug number in the
> changelog.
I did, thanks.
--
You received
KDE Applications 16.12.1 seems to be uploaded to Zesty (excluding PIM)
and it includes Ark 16.12.1, which has this fix baked in.
https://launchpad.net/ubuntu/+source/ark/4:16.12.1-0ubuntu1
I'm marking this as Fix Committed in Zesty, and if someone could mark
this as Fix Released once it gets throu
New debdiff.patch that conforms ubuntu security sponsorship procedures
** Patch added: "debdiff.patch"
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1655507/+attachment/4806031/+files/debdiff.patch
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is
Subscribing ubuntu-security-sponsors so this gets looked at.
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ark in Ubuntu.
https://bugs.launchpad.net/bugs/1655507
Title:
CVE-2017-5330 - Ark: unintended execution of scripts and executable
On 17/01/17 08:52, visred wrote:
> I tested it and no problems on yakkety. I was trying to send a merge
> proposal but I am unable to find the bzr branch.
>
> Although ark is present at lp:ark , bzr can't pull from there for some
> reason. Tried using git too. Still can't find the branch.
Here:
h
I am including a debdiff for yakkety
Clive if you want I can build it in my ppa. I already started building
for yakkety. Please test it and sponsor these diffs
https://launchpad.net/~visred/+archive/ubuntu/rel-ppa/+packages
** Attachment added: "debdiff-yakkety"
https://bugs.launchpad.net/ubu
** Tags added: patch
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ark in Ubuntu.
https://bugs.launchpad.net/bugs/1655507
Title:
CVE-2017-5330 - Ark: unintended execution of scripts and executable
files
To manage notifications about t
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is availabl
10 matches
Mail list logo