FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kdelibs -- directory traversal vulnerability

Affected packages
kdelibs < 4.14.10_7


VuXML ID 4472ab39-6c66-11e6-9ca5-50e549ebab6c
Discovery 2016-07-24
Entry 2016-08-27

David Faure reports:

A maliciously crafted archive (.zip or .tar.bz2) with "../" in the file paths could be offered for download via the KNewStuff framework (e.g. on, and upon extraction would install files anywhere in the user's home directory.


CVE Name CVE-2016-6232