Diffstat (limited to '')
-rw-r--r-- | kde/patch/okular/cve-2020-9359.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/kde/patch/okular/cve-2020-9359.patch b/kde/patch/okular/cve-2020-9359.patch
deleted file mode 100644
index d82c91c..0000000
--- a/kde/patch/okular/cve-2020-9359.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Okular: Local binary execution via action links
-CVE: CVE-2020-9359
-
-Okular can be tricked into executing local binaries via specially crafted
-PDF files.
-This binary execution can require almost no user interaction.
-No parameters can be passed to those local binaries.
-We have not been able to identify any binary that will cause actual damage,
-be it in the hardware or software level, when run without parameters.
-
-We remain relatively confident that for this issue to do any actual damage,
-it has to run a binary specially crafted. That binary must have been deployed
-to the user system via another method, be it the user downloading it directly
-as an email attachment, webpage download, etc. or by the system being
-already compromised.
-
-
-diff --git a/core/document.cpp b/core/document.cpp
-index 3215a1abce6292a6cc25c5f8b645232c92d75ec5..0aa5b698019a2660f2d6baabd54cef1e82002b0e 100644
---- a/core/document.cpp
-+++ b/core/document.cpp
-@@ -4388,7 +4388,8 @@ void Document::processAction( const Action * action )
- {
- const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url);
- // KRun autodeletes
-- new KRun( realUrl, d->m_widget );
-+ KRun *r = new KRun( realUrl, d->m_widget );
-+ r->setRunExecutables(false);
- }
- }
- } break;
- |