The Ubuntu bug at $URL references a new, more complete fix for CVE-2010-1000 and states: KDE has updated the fix for CVE-2010-1000. The previous patch still allows up traversal at the beginning, e.g. "../foo/bar". The upstream fixes are at: http://websvn.kde.org/?view=revision&revision=1227468 http://websvn.kde.org/?view=revision&revision=1227469
Added as patch in kget-4.6.2-r1. (kget-4.6.3 already includes the fix.) ppc will be handled directly in the kde stabilization bug. x86 and amd64, please stabilize kde-base/kget-4.6.2-r1
works on amd64
amd64 stable
x86 stable
Thanks, everyone. GLSA Vote: No.
Thanks everyone.
NO too, closing.
*** Bug 386295 has been marked as a duplicate of this bug. ***