Summary: | <kde-apps/ark-20.04.3-r1: Arbitrary file overwrite via malicious archives (CVE-2020-16116) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | John Helmert III <ajak>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | Flags: | nattka: sanity-check+
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://kde.org/info/security/advisory-20200730-1.txt | |
Whiteboard: | B2 [glsa+ cve] | |
Package list: | kde-apps/ark-20.04.3-r1 | |
Runtime testing required: | --- | |
Description
John Helmert III
2020-07-29 22:36:26 UTC
Maintainer, please apply the patch to our version.

Created attachment 651734: CVE-2020-16116 patch

As a temporary fix, here is a patch to put in /etc/portage/patches/kde-apps/ark/ which applies the commit linked above.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55a42a5c7060468e5406884bfa4294b3cdc824c7

commit 55a42a5c7060468e5406884bfa4294b3cdc824c7
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-08-01 15:41:53 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-08-01 22:57:17 +0000

kde-apps/ark: Fix CVE-2020-16116

Bug: https://bugs.gentoo.org/734622
Package-Manager: Portage-3.0.1, Repoman-2.3.23
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

kde-apps/ark/ark-20.04.3-r1.ebuild | 85 ++++++++++++++++++++++
.../ark/files/ark-20.04.3-CVE-2020-16116.patch | 46 ++++++++++++
2 files changed, 131 insertions(+)

Thanks. Tell us when ready to stable.

Is that a yes? ;)

arm64 stable

amd64 stable

x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a51a70967106f46cf55b16b9209947481133c90

commit 6a51a70967106f46cf55b16b9209947481133c90
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-08-05 14:29:19 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-08-06 15:04:35 +0000

kde-apps/ark: Drop vulnerable 20.04.3 (r0)

Bug: https://bugs.gentoo.org/734622
Package-Manager: Portage-3.0.1, Repoman-2.3.23
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

kde-apps/ark/ark-20.04.3.ebuild | 83 -----------------------------------------
1 file changed, 83 deletions(-)

Thanks. Cleanup done.

This issue was resolved and addressed in GLSA 202008-03 at https://security.gentoo.org/glsa/202008-03 by GLSA coordinator Sam James (sam_c).