path: root/kde/patch/okular/cve-2020-9359.patch
Diffstat (limited to 'kde/patch/okular/cve-2020-9359.patch')
-rw-r--r-- kde/patch/okular/cve-2020-9359.patch 32
1 files changed, 0 insertions, 32 deletions
diff --git a/kde/patch/okular/cve-2020-9359.patch b/kde/patch/okular/cve-2020-9359.patch
deleted file mode 100644
index d82c91c..0000000
--- a/kde/patch/okular/cve-2020-9359.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Okular: Local binary execution via action links
-CVE: CVE-2020-9359
-
-Okular can be tricked into executing local binaries via specially crafted
-PDF files.
-This binary execution can require almost no user interaction.
-No parameters can be passed to those local binaries.
-We have not been able to identify any binary that will cause actual damage,
-be it in the hardware or software level, when run without parameters.
-
-We remain relatively confident that for this issue to do any actual damage,
-it has to run a binary specially crafted. That binary must have been deployed
-to the user system via another method, be it the user downloading it directly
-as an email attachment, webpage download, etc. or by the system being
-already compromised.
-
-
-diff --git a/core/document.cpp b/core/document.cpp
-index 3215a1abce6292a6cc25c5f8b645232c92d75ec5..0aa5b698019a2660f2d6baabd54cef1e82002b0e 100644
---- a/core/document.cpp
-+++ b/core/document.cpp
-@@ -4388,7 +4388,8 @@ void Document::processAction( const Action * action )
- {
- const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url);
- // KRun autodeletes
-- new KRun( realUrl, d->m_widget );
-+ KRun *r = new KRun( realUrl, d->m_widget );
-+ r->setRunExecutables(false);
- }
- }
- } break;
-
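Review bot: removing this file drops the `r->setRunExecutables(false)` change to `Document::processAction` in core/document.cpp from the build, and nothing visible in this commit says that the okular source being packaged already contains it. Please state in the commit message which okular version carries the CVE-2020-9359 fix, so the deletion cannot be read as reverting to the bare `new KRun( realUrl, d->m_widget );` call. The diffstat also shows only this one file changed, so confirm that nothing in the build still tries to apply kde/patch/okular/cve-2020-9359.patch.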