From $URL: "A weakness has been reported in Ark, which can be exploited by malicious people to manipulate certain data. The weakness is caused due to an input validation error when viewing files in ZIP archives, which can be exploited to display and delete arbitrary files via the "../" directory traversal sequence. The weakness is reported in version 2.16. Other versions may also be affected." The advisory does not list the fixed version, nor does the disclosure at: http://seclists.org/fulldisclosure/2011/Oct/351
Fixed in: ark-4.6.5-r1 ark-4.7.1-r1 ark-4.7.2-r1
(In reply to comment #1) > Fixed in: > ark-4.6.5-r1 > ark-4.7.1-r1 > ark-4.7.2-r1 Maciej, I see that these versions are in the tree. Are they ready for stabilization?
(In reply to comment #2) > (In reply to comment #1) > > Fixed in: > > ark-4.6.5-r1 (...) > > Maciej, I see that these versions are in the tree. Are they ready for > stabilization? kde-base/ark-4.6.5-r1 is ready. Arches please stabilize, target "amd64 x86" and "ppc" as soon as they get around stabilizing 4.6.5 in general. :|
amd64 ok
x86 stable
ditto Ago
amd64 done. Thanks Agostino and Ian
AFAIK ppc is not going to stabilize 4.6.5, it makes no sense for them given that 4.7 stabilzation is nearing.
(In reply to comment #8) > AFAIK ppc is not going to stabilize 4.6.5, it makes no sense for them given > that 4.7 stabilzation is nearing. Ok thanks. We'll wait on 388279.
<kde-base/ark-4.6.5-r1 removed from tree.
Thanks, everyone. GLSA vote: no.
GLSA Vote: yes.
Thanks guys. Nothing left to do for kde.
NO too, closing.