This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



Re: [SECURITY] tar: Directory traversal vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Yaakov (Cygwin Ports) on 9/15/2007 9:37 PM:
> A directory traversal bug has been found in GNU tar.
> 
> Patch:
> http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/app-arch/tar/files/tar-1.15.1-alt-contains-dot-dot.patch

That's nice, but I've already patched it for cygwin (not to mention that
since cygwin's .. handling isn't Posix compliant, the bug didn't have
quite the same effect on cygwin):
http://cygwin.com/ml/cygwin-announce/2007-08/msg00015.html

- --
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG7U6R84KuGfSFAYARAiVrAKCUboK4fYAigmkJuuK3P7YgBxahrACffvkU
SuHh4DKe4Dj9jx8Evc3RDV0=
=lYtV
-----END PGP SIGNATURE-----

