Description follows shortly.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75a72fe24a730420ec692367e4e108d4a0a6d617

commit 75a72fe24a730420ec692367e4e108d4a0a6d617
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-10 20:33:04 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-10 20:38:03 +0000

    kde-apps/okular: Fix path traversal issue when extracting .okular file

    With a specially crafted .okular files it was possible to trick okular to
    create temporary files outside the temporary folder.

    Bug: https://bugs.gentoo.org/665662
    KDE-Bug: https://bugs.kde.org/show_bug.cgi?id=398096
    See also: https://phabricator.kde.org/D15192
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 .../okular-18.04.3-path-traversal-issue.patch | 46 +++++++++
 kde-apps/okular/okular-18.04.3-r1.ebuild | 106 +++++++++++++++++++++
 2 files changed, 152 insertions(+)
x86 stable
amd64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b40ed9ef781f864d1d0db41eed739374ac29658

commit 4b40ed9ef781f864d1d0db41eed739374ac29658
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-13 16:54:37 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-13 16:57:10 +0000

    kde-apps/okular: Security cleanup

    Bug: https://bugs.gentoo.org/665662
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 kde-apps/okular/okular-18.04.3.ebuild | 103 ----------------------------------
 1 file changed, 103 deletions(-)
kde is done here, in case you didn't notice.
ping sec...
(In reply to Andreas Sturmlechner from comment #6)
> ping sec...

Pong min... glsa request was filed
This issue was resolved and addressed in GLSA 201811-08 at https://security.gentoo.org/glsa/201811-08 by GLSA coordinator Thomas Deutschmann (whissi).