Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 474574 Details for
Bug 620012
app-arch/tar-1.29-r1 CVE-2016-6321
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
tar-1.29-r1-CVE-2016-6321.diff
tar-1.29-r1-CVE-2016-6321.diff (text/plain), 1.16 KB, created by
Andrey Ovcharov
on 2017-05-28 12:20:56 UTC
(
hide
)
Description:
tar-1.29-r1-CVE-2016-6321.diff
Filename:
MIME Type:
Creator:
Andrey Ovcharov
Created:
2017-05-28 12:20:56 UTC
Size:
1.16 KB
patch
obsolete
>Upstream: https://sources.debian.net/src/tar/1.29b-1.1/debian/patches/When-extracting-skip-.-members.patch/ >Security: CVE-2016-6321 > >Description: When extracting, skip ".." members (CVE-2016-6321) >Origin: upstream, http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d >Bug-Debian: https://bugs.debian.org/842339 >Forwarded: not-needed. >Author: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> >Last-Update: 2016-10-30 >--- > src/extract.c | 8 ++++++++ > 2 files changed, 15 insertions(+), 1 deletion(-) > >--- a/src/extract.c >+++ b/src/extract.c >@@ -1629,12 +1629,20 @@ extract_archive (void) > { > char typeflag; > tar_extractor_t fun; >+ bool skip_dotdot_name; > > fatal_exit_hook = extract_finish; > > set_next_block_after (current_header); > >+ skip_dotdot_name = (!absolute_names_option >+ && contains_dot_dot (current_stat_info.orig_file_name)); >+ if (skip_dotdot_name) >+ ERROR ((0, 0, _("%s: Member name contains '..'"), >+ quotearg_colon (current_stat_info.orig_file_name))); >+ > if (!current_stat_info.file_name[0] >+ || skip_dotdot_name > || (interactive_option > && !confirm ("extract", current_stat_info.file_name))) > {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=474574">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 620012
: 474574
