Summary: | <app-arch/xz-utils-5.2.5-r2: Incorrect escaping for filenames in zgrep | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 837158 | ||
Bug Blocks: | 837143 |
Description
Sam James
2022-04-07 18:05:57 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5e1e0856c8c0fd62343a53590e2f29266a85d54 commit f5e1e0856c8c0fd62343a53590e2f29266a85d54 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-04-07 18:10:32 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-04-07 18:10:32 +0000 app-arch/xz-utils: patch xzgrep vulnerability (ZDI-CAN-16587) Bug: https://bugs.gentoo.org/837155 Signed-off-by: Sam James <sam@gentoo.org> .../xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch | 88 +++++++++++++++ app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild | 118 +++++++++++++++++++++ 2 files changed, 206 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=142c539cc4c68c3dc0a3c55f8a7996f7a5b3c3d6 commit 142c539cc4c68c3dc0a3c55f8a7996f7a5b3c3d6 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-09-07 02:51:56 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-07 02:58:05 +0000 [ GLSA 202209-01 ] GNU Gzip, XZ Utils: Arbitrary file write Bug: https://bugs.gentoo.org/837152 Bug: https://bugs.gentoo.org/837155 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-01.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) GLSA released, all done! |