593224 – <kde-base/kdelibs-4.14.24: Extraction of tar files possible to arbitrary system locations

Bug 593224 - <kde-base/kdelibs-4.14.24: Extraction of tar files possible to arbitrary system locations

Summary: <kde-base/kdelibs-4.14.24: Extraction of tar files possible to arbitrary syst...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2016-09-08 17:11 UTC by Arfrever Frehtes Taifersar Arahesis
Modified:	2016-09-17 00:23 UTC (History)
CC List:	1 user (show)

See Also:	CVE-2016-6232
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arfrever Frehtes Taifersar Arahesis 2016-09-08 17:11:34 UTC

Fix for vulnerability in karchive (handled in bug #589054) was backported by upstream to kdelibs and released in kdelibs-4.14.24.

https://quickgit.kde.org/?p=kdelibs.git&a=commit&h=dd1c2da9d26fd4cfc7fe0a25f413e536d56cf2db

Comment 1 Michael Palimaka (kensington) gentoo-dev

2016-09-08 18:54:46 UTC

There's been minimal other changes since .22, so feel free to stabilise at will.

Comment 2 Yury German Gentoo Infrastructure

2016-09-11 05:41:16 UTC

Arches, please test and mark stable:

=kde-base/kdelibs-4.14.24

Target Keywords : "amd64 x86"

Thank you!

Comment 3 Agostino Sarubbo gentoo-dev

2016-09-13 11:37:49 UTC

amd64 stable

Comment 4 Michael Palimaka (kensington) gentoo-dev

2016-09-14 15:56:57 UTC

x86 stable and cleanup done

Comment 5 Yury German Gentoo Infrastructure

2016-09-16 04:03:38 UTC

Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No
Closing noglsa.