http://bugzilla.opensuse.org/show_bug.cgi?id=1018969 Bug ID: 1018969 Summary: VUL-0: ark: unintended execution of scripts and executable files on "Open" functionality Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: http://seclists.org/oss-sec/2017/q1/45 =============================================== Hi, Albert from KDE, can we get a CVE assigned for ark (archive handling tool)? The problem is that the "Open" functionality of ark would run shell scripts, this is quite unexpected. The title for the advisory we're preparing is Ark: unintended execution of scripts and executable files The fix is already available at https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f... Thanks, Albert =============================================== -- You are receiving this mail because: You are on the CC list for the bug.