Summary: | <dev-php/PEAR-Archive_Tar-1.4.6: Path traversal vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | php-bugs |
Priority: | Normal | Keywords: | ALLARCHES, CC-ARCHES |
Version: | unspecified | Flags: | nattka: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/pear/Archive_Tar/commit/86f8afb6a11ea863ebc0dc676367a19ffa31139d | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=675576 | ||
Whiteboard: | B4 [stable] | ||
Package list: | =dev-php/PEAR-Archive_Tar-1.4.9 | ||
Runtime testing required: | --- |
Description
Sam James
2020-05-22 01:43:50 UTC
Note that 1.4.9 includes a hardening option to disable symlinks: https://github.com/pear/Archive_Tar/commit/749b18742ba1beb1d4586cabc87443d29c97dbbd

----

@maintainer(s), please advise if ready for stabilisation or call yourself.

Possibly of 1.4.9. I'll go ahead in a few days if no objections.

Unable to check for sanity:

> no match for package: =dev-php/PEAR-Archive_Tar-1.4.6

arm stable

ppc stable

ppc64 stable

sparc stable

x86 stable

amd64 stable

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e2e9ffc7ea538167dfcdfcad266ca8e1c0d67a9

commit 1e2e9ffc7ea538167dfcdfcad266ca8e1c0d67a9
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2020-06-08 16:09:33 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-06-08 16:43:41 +0000

dev-php/PEAR-Archive_Tar: stable 1.4.9 for hppa under ALLARCHES

Closes: https://bugs.gentoo.org/724520
Package-Manager: Portage-2.3.99, Repoman-2.3.22
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

dev-php/PEAR-Archive_Tar/PEAR-Archive_Tar-1.4.9.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)