[Bug 253388] New: ktorrent security update
https://bugzilla.novell.com/show_bug.cgi?id=253388

           Summary: ktorrent security update
           Product: openSUSE 10.3
           Version: Alpha 1plus
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
        AssignedTo: security-team@suse.de
        ReportedBy: dmueller@novell.com
         QAContact: qa@suse.de

Hi,

ktorrent 2.1.2 was announced today, mentioning two undisclosed security vulnerabilities.

the changeset is here:

http://websvn.kde.org/?view=rev&revision=640661

it looks like two integer overflows and a remote arbitrary file overwrite vulnerability (didn't filter '/../' in path components).

update?

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=253388

dmueller@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |security-team@suse.de
         AssignedTo|security-team@suse.de       |kde-maintainers@suse.de
          Component|Security                    |KDE
            Summary|ktorrent security update    |VUL-0: ktorrent security update

------- Comment #1 from dmueller@novell.com 2007-03-10 11:29 MST -------
CVE-2007-1384
CVE-2007-1385

https://bugzilla.novell.com/show_bug.cgi?id=253388

------- Comment #2 from meissner@novell.com 2007-03-12 02:02 MST -------
yes please.

SWAMPID: 8737

https://bugzilla.novell.com/show_bug.cgi?id=253388

------- Comment #3 from dmueller@novell.com 2007-03-12 06:27 MST -------
I have troubles locating the code to fix for 10.0 and I'm not 100% sure if my port of the fixes for 10.1 is correct.

https://bugzilla.novell.com/show_bug.cgi?id=253388

dmueller@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|kde-maintainers@suse.de     |security-team@suse.de

------- Comment #4 from dmueller@novell.com 2007-03-12 07:16 MST -------
STABLE, 10.2, CODE10/10.1, 10.0 submitted. I'm not sure if the 10.0 fix is complete. IMHO an update to a newer version would be better.

https://bugzilla.novell.com/show_bug.cgi?id=253388

------- Comment #5 from dmueller@novell.com 2007-03-26 05:51 MST -------
PING! it's been two weeks..

https://bugzilla.novell.com/show_bug.cgi?id=253388

------- Comment #6 from thomas@novell.com 2007-03-26 06:40 MST -------
As far as I can see the corresponding patchinfo files are there since 12-03-2007 but not checked in.

https://bugzilla.novell.com/show_bug.cgi?id=253388

meissner@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|                            |qa

------- Comment #7 from meissner@novell.com 2007-03-26 09:21 MST -------
checked in now. we missed that the packages were checked in already.

https://bugzilla.novell.com/show_bug.cgi?id=253388

------- Comment #9 from dmueller@novell.com 2007-04-02 14:43 MST -------
http://bugs.kde.org/show_bug.cgi?id=143637

https://bugzilla.novell.com/show_bug.cgi?id=253388

------- Comment #10 from dmueller@novell.com 2007-04-02 15:53 MST -------
I've submitted new ktorrent to 10.0-10.2

https://bugzilla.novell.com/show_bug.cgi?id=253388

lnussel@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|qa                          |patchinfos submitted

------- Comment #11 from lnussel@novell.com 2007-04-03 04:07 MST -------
Name: CVE-2007-1799
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1799
Reference: CONFIRM:http://bugs.kde.org/show_bug.cgi?id=143637
Reference: CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=170303

Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.

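The incomplete check described in the CVE-2007-1799 entry above, shown beside a stricter per-component rule. This is an added example, not part of the bug thread and not KTorrent's code; the function names, the base directory and the sample path lists are constructed for illustration.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Constructed model of the incomplete check the CVE-2007-1799 text describes:
// a component is refused only when it is exactly "..". Not KTorrent's code.
bool weak_component_ok(const std::string& c) {
    return c != "..";
}

// Stricter rule: each entry of a torrent's path list must be one plain name,
// so anything empty, ".", "..", or containing a separator or NUL is refused.
bool strict_component_ok(const std::string& c) {
    if (c.empty() || c == "." || c == "..") return false;
    return c.find_first_of(std::string("/\\\0", 3)) == std::string::npos;
}

using Check = bool (*)(const std::string&);

// Joins the components under base_dir; returns "" if any component is refused.
std::string build_path(const std::string& base_dir,
                       const std::vector<std::string>& parts, Check ok) {
    if (parts.empty()) return "";
    std::string out = base_dir;
    for (const std::string& p : parts) {
        if (!ok(p)) return "";
        out += "/" + p;
    }
    return out;
}

int main() {
    const std::string base = "/home/user/downloads";  // hypothetical directory
    // Constructed path lists, as a torrent's file entry might carry them.
    const std::vector<std::vector<std::string>> samples = {
        {"album", "track.ogg"}, {"..", "x"}, {"../", "x"}};
    for (const auto& s : samples) {
        std::cout << "weak=[" << build_path(base, s, weak_component_ok)
                  << "] strict=[" << build_path(base, s, strict_component_ok)
                  << "]\n";
    }
    return 0;
}
```

The weak check refuses the `".."` component but lets `"../"` through, which is the gap the CVE entry attributes to the first fix; the strict check refuses both while still accepting ordinary names.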
https://bugzilla.novell.com/show_bug.cgi?id=253388

------- Comment #12 from dmueller@novell.com 2007-04-16 08:12 MST -------
ping...

https://bugzilla.novell.com/show_bug.cgi?id=253388

------- Comment #13 from lnussel@novell.com 2007-04-16 08:18 MST -------
it's getting mouldy in sled qa. I have approved the box updates now.

https://bugzilla.novell.com/show_bug.cgi?id=253388

thomas@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

https://bugzilla.novell.com/show_bug.cgi?id=253388

meissner@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

------- Comment #14 from meissner@novell.com 2007-05-09 02:25 MST -------
was actually released some time ago