cabextract 1.1 has been released to fix this. Changes since 1.0: A security vulnerability has been fixed. If the files within a cabinet file include "../" in their filenames, this will be changed to "xx/", so cabinets cannot access the parent directory of where you want to extract them. Fonts herd, please bump to 1.1.
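The filename rewrite described in the 1.1 changelog, sketched as an added example (not part of the thread and not cabextract's own code). The function names are hypothetical, and two steps go beyond what the changelog states: backslashes are normalized to "/" and leading separators are dropped before ".." components are replaced with "xx".

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if a '/'-separated path would climb above its starting directory. */
int escapes_dest(const char *path)
{
    int depth = 0;
    if (*path == '/') return 1;                 /* absolute path */
    while (*path) {
        size_t n = strcspn(path, "/");          /* length of this component */
        if (n == 2 && path[0] == '.' && path[1] == '.') {
            if (--depth < 0) return 1;          /* went above the root */
        } else if (n > 0 && !(n == 1 && path[0] == '.')) {
            depth++;                            /* ordinary component */
        }
        path += n;
        if (*path == '/') path++;
    }
    return 0;
}

/* Copy a member name into out, neutralising traversal.
 * Returns 0 on success, -1 if out is too small. */
int sanitize_member_name(const char *in, char *out, size_t outlen)
{
    size_t i, len;
    char *p;
    while (*in == '/' || *in == '\\') in++;     /* assumption: strip leading separators */
    len = strlen(in);
    if (len + 1 > outlen) return -1;
    for (i = 0; i <= len; i++)                  /* assumption: '\' becomes '/' */
        out[i] = (in[i] == '\\') ? '/' : in[i];
    for (p = out; *p; ) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            p[0] = p[1] = 'x';                  /* ".." becomes "xx", as in the changelog */
        p += n;
        if (*p == '/') p++;
    }
    return 0;
}

int main(void)
{
    char buf[64];                               /* member name below is constructed */
    if (sanitize_member_name("fonts\\..\\..\\etc\\passwd", buf, sizeof buf) == 0)
        printf("%s escapes=%d\n", buf, escapes_dest(buf));
    return 0;
}
```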
Done. Needs stable keywords by: ppc sparc alpha hppa amd64 ia64.
BTW, suggested test is `emerge media-fonts/corefonts` -- they use cab archives.
Thx Donnie. Arches please mark cabextract-1.1 stable.
sparc tasty.
Stable on ppc.
arm/hppa/ia64 stable
Stable on alpha.
Not sure we need a GLSA for this one. Having root extract unknown .cab archives from known locations to overwrite files seems like an unlikely scenario...
Good thing we know MD5's are safe, so we don't need to worry about a false .cab being inserted. =)
This is CAN-2004-0916
stable amd64
Please vote on GLSA...
I vote for no GLSA on this one.
Voting for no GLSA too. At least here we can vote today ;-)
OK then we close it.