Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 618920 Details for
Bug 712490
<kde-apps/okular-19.12.3-r1: Local binary execution via action links (CVE-2020-9359)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
fix from upstream
CVE-2020-9359-Fix_via_commit_6a93a033b4f9248b3cd4d04689b8391df754e244.patch (text/plain), 902 bytes, created by
Nils Freydank
on 2020-03-14 14:05:16 UTC
(
hide
)
Description:
fix from upstream
Filename:
MIME Type:
Creator:
Nils Freydank
Created:
2020-03-14 14:05:16 UTC
Size:
902 bytes
patch
obsolete
>From 6a93a033b4f9248b3cd4d04689b8391df754e244 Mon Sep 17 00:00:00 2001 >From: Albert Astals Cid <aacid@kde.org> >Date: Tue, 10 Mar 2020 23:07:24 +0100 >Subject: [PATCH] Document::processAction: If the url points to a binary, don't > run it > >--- > core/document.cpp | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/core/document.cpp b/core/document.cpp >index 3215a1abc..0aa5b6980 100644 >--- a/core/document.cpp >+++ b/core/document.cpp >@@ -4388,7 +4388,8 @@ void Document::processAction( const Action * action ) > { > const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url); > // KRun autodeletes >- new KRun( realUrl, d->m_widget ); >+ KRun *r = new KRun( realUrl, d->m_widget ); >+ r->setRunExecutables(false); > } > } > } break; >-- >2.24.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=618920">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 712490
: 618920
