Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#59150 - [texstudio] Built against system QuaZip to fix the Zip Slip vulnerability (CVE-2018-1002209)
Attached to Project:
Community Packages
Opened by Chih-Hsuan Yen (yan12125) - Tuesday, 26 June 2018, 07:35 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Saturday, 07 July 2018, 00:46 GMT
Opened by Chih-Hsuan Yen (yan12125) - Tuesday, 26 June 2018, 07:35 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Saturday, 07 July 2018, 00:46 GMT
|
DetailsDescription:
TexStudio bundles an older QuaZip, which is affected by the Zip Slip vulnerability (CVE-2018-1002209). Please add USE_SYSTEM_QUAZIP=1 to qmake to include the QuaZip fix. Also reported upstream: https://github.com/texstudio-org/texstudio/issues/202 BTW, it would be nice to also add USE_SYSTEM_HUNSPELL=1. Additional info: * texstudio 2.12.8-1 * quazip 0.7.6-1 Steps to reproduce: |
This task depends upon
Closed by Sven-Hendrik Haase (Svenstaro)
Saturday, 07 July 2018, 00:46 GMT
Reason for closing: Implemented
Saturday, 07 July 2018, 00:46 GMT
Reason for closing: Implemented