https://bugzilla.novell.com/show_bug.cgi?id=253388 lnussel@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|qa |patchinfos submitted ------- Comment #11 from lnussel@novell.com 2007-04-03 04:07 MST ------- Name: CVE-2007-1799 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1799 Reference: CONFIRM:http://bugs.kde.org/show_bug.cgi?id=143637 Reference: CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=170303 Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.