[Pkg-kde-extras] Bug#432007: closed by Mark Purcell <msp at debian.org> (Re: Bug#432007: CVE-2007-1799: vulnerability in torrent.cpp)

Steffen Joeris white at debian.org
Fri Jul 6 17:04:16 UTC 2007


Hi Mark

Thanks for investigating as well.
I still have some concerns and maybe I am reading it wrong.
When I download current ktorrent from unstable and look into the
file "libktorrent/torrent/torrent.cpp", I do not see the if condition.
IMHO adding the condition " if (!sd.contains("/") && !sd.contains(".."))"
would fix the security issue, but the line is just missing.
Maybe they found another way of fixing it and used different code. Can you 
please confirm that?

Thanks for your feedback :)
Cheers
Steffen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-kde-extras/attachments/20070706/c8b95a67/attachment.pgp 


More information about the pkg-kde-extras mailing list