This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Re: [SECURITY] tar: Directory traversal vulnerability
- From: Eric Blake <ebb9 at byu dot net>
- To: cygwin-apps at cygwin dot com
- Date: Sun, 16 Sep 2007 09:41:05 -0600
- Subject: Re: [SECURITY] tar: Directory traversal vulnerability
- References: <46ECA50A.9010108@users.sourceforge.net>
According to Yaakov (Cygwin Ports) on 9/15/2007 9:37 PM:
> A directory traversal bug has been found in GNU tar.
>
> Patch:
> http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/app-arch/tar/files/tar-1.15.1-alt-contains-dot-dot.patch
That's nice, but I've already patched it for Cygwin (not to mention that
since Cygwin's .. handling isn't POSIX compliant, the bug didn't have
quite the same effect on Cygwin):
http://cygwin.com/ml/cygwin-announce/2007-08/msg00015.html
--
Don't work too hard, make some time for fun as well!
Eric Blake ebb9@byu.net