349565 – <app-text/calibre-0.7.35: Directory Traversal Vulnerability

Bug 349565 - <app-text/calibre-0.7.35: Directory Traversal Vulnerability

Summary: <app-text/calibre-0.7.35: Directory Traversal Vulnerability

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://bugs.calibre-ebook.com/ticket/...
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2010-12-24 04:32 UTC by Tim Sammut (RETIRED)
Modified:	2010-12-24 19:26 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Sammut (RETIRED) gentoo-dev

2010-12-24 04:32:00 UTC

Upstream has released 0.7.35, which looks to fix the directory traversal issue raised in:

http://www.waraxe.us/advisory-77.html

The ticket at $URL references this advisory.

Comment 1 Zac Medico gentoo-dev

2010-12-24 05:23:07 UTC

Now I've added a calibre-0.7.35 ebuild to the tree.

Comment 2 Tim Sammut (RETIRED) gentoo-dev

2010-12-24 05:26:01 UTC

(In reply to comment #1)
> Now I've added a calibre-0.7.35 ebuild to the tree.
> 

Thank you. Closing noglsa.

Comment 3 Alex Legler (RETIRED) archtester

2010-12-24 13:48:01 UTC

(In reply to comment #1)
> Now I've added a calibre-0.7.35 ebuild to the tree.
> 

Please also remove older, vulnerable versions.

Comment 4 Zac Medico gentoo-dev

2010-12-24 19:26:21 UTC

(In reply to comment #3)
> Please also remove older, vulnerable versions.

Thanks, done now.