"Tar.php in Archive_Tar through 1.4.13 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2021-32610."
This is actually a fix of the fix for CVE-2020-36193
Is this fixed in Archive_Tar?
Package list is empty or all packages have requested keywords.
ping, ready to stable?
(In reply to Sam James from comment #11) > ping, ready to stable? Yes that's fine
ALLARCHES stable.
Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73fab5f94d217f525340e886f2637ade8e0907ef commit 73fab5f94d217f525340e886f2637ade8e0907ef Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2021-08-13 19:26:47 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2021-08-13 19:27:54 +0000 dev-php/PEAR-Archive_Tar: Drop old Bug: https://bugs.gentoo.org/803227 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-php/PEAR-Archive_Tar/Manifest | 2 - .../PEAR-Archive_Tar-1.4.12.ebuild | 50 ---------------------- .../PEAR-Archive_Tar-1.4.13.ebuild | 50 ---------------------- 3 files changed, 102 deletions(-)
Thank you!