Mandriva Linux Security Advisory 2011-081 - Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a dot dot in the name attribute of a file element in a metalink file.
fc127713d8ef1e9a75c6a5226437ea6403cc42a9d2d302d3f21f67e296f07e1a
Ubuntu Security Notice 1114-1 - It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution.
199469c643b5e4c304c02c3d9fc6e2fb4d3cadbdda2742ae7e4a442ce97d9f12