This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[SECURITY] tar: Directory traversal vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A directory traversal bug has been found in GNU tar.

Patch:
http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/app-arch/tar/files/tar-1.15.1-alt-contains-dot-dot.patch

More information:
http://security.gentoo.org/glsa/glsa-200709-09.xml
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131


Yaakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG7KUKpiWmPGlmQSMRCCHnAKCWv2NkvdPzSQ9N0u02+/gSNXDJRACeP3aO
onAeBivYyD6KJEarxF3pTFg=
=cZFE
-----END PGP SIGNATURE-----


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]