Tomas Hoger writes ( https://bugzilla.redhat.com/show_bug.cgi?id=448285 ):
Mamoru Tasaka discovered that cbrpager (Simple comic book pager for Linux) does
not properly sanitize file names of the image archives before calling external
decompression utilities unrar and unzip using the system() libc library call.
Opening a .zip or .rar archive with a specially crafted filename can result in
execution of arbitrary code with the privileges of the user running cbrpager.
Sample file name:
(same as for similar issue in comix -
Mamoru's patch accepted by upstream:
Fixed upstream in version 0.9.17:
As noted in the Bugzilla, there's an update to the patch:
0.9.17 is in CVS, including the patch from comment #1.
Arches, please test and mark stable:
Target keywords : "amd64 release x86"
amd64 stable. All archs stable.
Fixed in release snapshot.
GLSA request filed.
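
The class of fix for the issue described in the first comment, as an added example (not cbrpager's code and not the upstream patch): the extractor is started with fork/execvp and an argument vector, so the archive name is never parsed by a shell. The function names and the `unzip -o ... -d ...` invocation are assumptions made for illustration.

```c
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: fill argv[] (at least 6 slots) for
 * "unzip -o <archive> -d <destdir>". The archive name is a single argv
 * element, so quotes, ';', '|' and spaces in it have no special meaning.
 * Returns the number of arguments written (excluding the NULL). */
size_t build_unzip_argv(const char *archive, const char *destdir,
                        const char *argv[])
{
    size_t n = 0;
    argv[n++] = "unzip";
    argv[n++] = "-o";
    argv[n++] = archive;
    argv[n++] = "-d";
    argv[n++] = destdir;
    argv[n] = NULL;
    return n;
}

/* Hypothetical helper: run argv[0] directly, with no /bin/sh in between
 * (unlike system()). Returns the child's exit status, 127 if the exec
 * failed, or -1 on fork/wait error or abnormal termination. */
int run_argv(const char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);                 /* only reached when exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    const char *cmd[6];
    if (argc != 3)
        return 2;                   /* usage: prog <archive> <destdir> */
    build_unzip_argv(argv[1], argv[2], cmd);
    return run_argv(cmd);
}
```

A name beginning with `-` can still be read as an option by the extractor itself; prefixing relative names with `./` avoids that.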