diff options
author | Eric Hameleers <alien@slackware.com> | 2020-07-30 19:45:19 +0200 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2020-07-30 19:45:19 +0200 |
commit | 52b1f1cb9f8d4e1fb1fcbde59930a105a819b0b4 (patch) | |
tree | 22f1205f0276563548f2864997c82a8af7307fcd /kde/patch/okular/cve-2020-9359.patch | |
parent | 42f29689f597520389829b6d22c56ee21ace7657 (diff) | |
download | ktown-52b1f1cb9f8d4e1fb1fcbde59930a105a819b0b4.tar.gz ktown-52b1f1cb9f8d4e1fb1fcbde59930a105a819b0b4.tar.xz |
Cleanup unused KDE patches
Thanks to Patrick Volkerding for the effort.
Diffstat (limited to 'kde/patch/okular/cve-2020-9359.patch')
-rw-r--r-- | kde/patch/okular/cve-2020-9359.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/kde/patch/okular/cve-2020-9359.patch b/kde/patch/okular/cve-2020-9359.patch deleted file mode 100644 index d82c91c..0000000 --- a/kde/patch/okular/cve-2020-9359.patch +++ /dev/null @@ -1,32 +0,0 @@ -Okular: Local binary execution via action links -CVE: CVE-2020-9359 - -Okular can be tricked into executing local binaries via specially crafted -PDF files. -This binary execution can require almost no user interaction. -No parameters can be passed to those local binaries. -We have not been able to identify any binary that will cause actual damage, -be it in the hardware or software level, when run without parameters. - -We remain relatively confident that for this issue to do any actual damage, -it has to run a binary specially crafted. That binary must have been deployed -to the user system via another method, be it the user downloading it directly -as an email attachment, webpage download, etc. or by the system being -already compromised. - - -diff --git a/core/document.cpp b/core/document.cpp -index 3215a1abce6292a6cc25c5f8b645232c92d75ec5..0aa5b698019a2660f2d6baabd54cef1e82002b0e 100644 ---- a/core/document.cpp -+++ b/core/document.cpp -@@ -4388,7 +4388,8 @@ void Document::processAction( const Action * action ) - { - const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url); - // KRun autodeletes -- new KRun( realUrl, d->m_widget ); -+ KRun *r = new KRun( realUrl, d->m_widget ); -+ r->setRunExecutables(false); - } - } - } break; - |