Summary: | <kde-frameworks/ktexteditor-5.90.0-r2: Missing validation of binaries executed by QProcess | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ajak |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://kde.org/info/security/advisory-20220131-1.txt | ||
Whiteboard: | B2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 831587 | ||
Bug Blocks: | 833154 |
Description
Sam James
2022-01-31 20:14:40 UTC
Note that we don't need to patch Kate given we've patched KTextEditor, as per advisory. Patches are simpler for KTextEditor too.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=164f9ef42c0fd49cab16b428e75b47e92327ca50

commit 164f9ef42c0fd49cab16b428e75b47e92327ca50
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-02-10 08:20:49 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-02-10 09:11:01 +0000

    kde-frameworks/ktexteditor: drop 5.88.0*

    Bug: https://bugs.gentoo.org/832447
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 kde-frameworks/ktexteditor/Manifest | 1 -
 .../ktexteditor-5.88.0-revert-invoke-always.patch | 36 -------------
 .../ktexteditor/ktexteditor-5.88.0-r1.ebuild | 63 ----------------------
 3 files changed, 100 deletions(-)

kde proj is done here.

*** Bug 833152 has been marked as a duplicate of this bug. ***

*** Bug 833153 has been marked as a duplicate of this bug. ***

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e942b106d11d2a5ee17ed381e8b9a59583355b52

commit e942b106d11d2a5ee17ed381e8b9a59583355b52
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-15 15:42:22 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-15 15:42:48 +0000

    [ GLSA 202401-21 ] KTextEditor: Arbitrary Local Code Execution

    Bug: https://bugs.gentoo.org/832447
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-21.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)