[Pkg-kde-extras] Bug#432007: closed by Mark Purcell <msp at debian.org> (Re: Bug#432007: CVE-2007-1799: vulnerability in torrent.cpp)
Steffen Joeris
white at debian.org
Fri Jul 6 17:04:16 UTC 2007
Hi Mark
Thanks for investigating as well.
I still have some concerns and maybe I am reading it wrong.
When I download current ktorrent from unstable and look into the
file "libktorrent/torrent/torrent.cpp", I do not see the if condition.
IMHO adding the condition " if (!sd.contains("/") && !sd.contains(".."))"
would fix the security issue, but the line is just missing.
Maybe they found another way of fixing it and used different code. Can you
please confirm that?
Thanks for your feedback :)
Cheers
Steffen
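
The check quoted in the message, shown as an added example that is not part of the original message and is not ktorrent's code: each path component of a file entry is tested before it is joined under the download directory. The names `componentIsSafe` and `buildTargetPath`, the use of `std::string` in place of Qt strings, the empty-component rule and the sample entries are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>
#include <vector>

// The test quoted in the message, applied to one path component.
// The empty-component rejection is an extra assumption of this example.
static bool componentIsSafe(const std::string& sd) {
    return !sd.empty()
        && sd.find('/') == std::string::npos
        && sd.find("..") == std::string::npos;
}

// Hypothetical helper: join one file entry's components under baseDir.
// Returns false and leaves `out` untouched if any component is unsafe.
bool buildTargetPath(const std::string& baseDir,
                     const std::vector<std::string>& components,
                     std::string& out) {
    if (components.empty()) return false;
    std::string path = baseDir;
    for (const std::string& sd : components) {
        if (!componentIsSafe(sd)) return false;
        path += '/';
        path += sd;
    }
    out = path;
    return true;
}

int main() {
    // Constructed sample entries, not taken from any real torrent.
    const std::vector<std::vector<std::string>> entries = {
        {"album", "track01.ogg"},              // normal entry
        {"..", "..", "home", "u", ".profile"}, // climbs out of baseDir
        {"a/../../etc", "x"},                  // separator inside one component
        {"notes..txt"},                        // harmless, but the ".." test rejects it
    };
    for (const auto& e : entries) {
        std::string out;
        if (buildTargetPath("/downloads", e, out))
            std::cout << "accept " << out << "\n";
        else
            std::cout << "reject entry starting with \"" << e[0] << "\"\n";
    }
    return 0;
}
```

The last sample shows a side effect of the substring test: a harmless name that merely contains two consecutive dots is refused as well.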