author | Eric Hameleers <alien@slackware.com> | 2020-07-31 16:13:18 +0200 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2020-07-31 16:13:18 +0200 |
commit | 703149752c6265b36973d2c1f0f5a69721e3128a (patch) | |
tree | 7ded0d801771d5705f48ffbfb48f37dd4829439e /kde/patch/okular/cve-2020-9359.patch | |
parent | dd005500c624d127321ff3fe14a0c29bfa8d67f7 (diff) | |
parent | cd7ff1719433fbb3b6a8304596be173bc1b91b00 (diff) | |
download | ktown-703149752c6265b36973d2c1f0f5a69721e3128a.tar.gz ktown-703149752c6265b36973d2c1f0f5a69721e3128a.tar.xz |
Diffstat (limited to 'kde/patch/okular/cve-2020-9359.patch')
-rw-r--r-- | kde/patch/okular/cve-2020-9359.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/kde/patch/okular/cve-2020-9359.patch b/kde/patch/okular/cve-2020-9359.patch
deleted file mode 100644
index d82c91c..0000000
--- a/kde/patch/okular/cve-2020-9359.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Okular: Local binary execution via action links
-CVE: CVE-2020-9359
-
-Okular can be tricked into executing local binaries via specially crafted
-PDF files.
-This binary execution can require almost no user interaction.
-No parameters can be passed to those local binaries.
-We have not been able to identify any binary that will cause actual damage,
-be it in the hardware or software level, when run without parameters.
-
-We remain relatively confident that for this issue to do any actual damage,
-it has to run a binary specially crafted. That binary must have been deployed
-to the user system via another method, be it the user downloading it directly
-as an email attachment, webpage download, etc. or by the system being
-already compromised.
-
-
-diff --git a/core/document.cpp b/core/document.cpp
-index 3215a1abce6292a6cc25c5f8b645232c92d75ec5..0aa5b698019a2660f2d6baabd54cef1e82002b0e 100644
---- a/core/document.cpp
-+++ b/core/document.cpp
-@@ -4388,7 +4388,8 @@ void Document::processAction( const Action * action )
- {
- const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url);
- // KRun autodeletes
-- new KRun( realUrl, d->m_widget );
-+ KRun *r = new KRun( realUrl, d->m_widget );
-+ r->setRunExecutables(false);
- }
- }
- } break;
-
|