Bug#731860: libtar: CVE-2013-4420: directory traversal when extracting archives

2014-02-14 Thread Raphael Geissert
On 13 February 2014 19:23, Magnus Holmgren wrote:
> On Tuesday, 11 February 2014 at 11.26.15, you wrote:
>> On 9 February 2014 22:08, Magnus Holmgren wrote:
>> > The first "if" should be a "while", shouldn't it? Otherwise we'll only skip over the first "../" if file_name starts with "../../

Bug#731860: libtar: CVE-2013-4420: directory traversal when extracting archives

2014-02-13 Thread Magnus Holmgren
On Tuesday, 11 February 2014 at 11.26.15, you wrote:
> On 9 February 2014 22:08, Magnus Holmgren wrote:
> > The first "if" should be a "while", shouldn't it? Otherwise we'll only skip over the first "../" if file_name starts with "../../", if I'm not mistaken.
> That's handled by the while

Bug#731860: libtar: CVE-2013-4420: directory traversal when extracting archives

2014-02-11 Thread Raphael Geissert
Hi,

On 9 February 2014 22:08, Magnus Holmgren wrote:
> The first "if" should be a "while", shouldn't it? Otherwise we'll only skip over the first "../" if file_name starts with "../../", if I'm not mistaken.

That's handled by the while loop right after the if. Attached test case contains an en

Bug#731860: libtar: CVE-2013-4420: directory traversal when extracting archives

2014-02-09 Thread Magnus Holmgren
On Tuesday, 10 December 2013 at 16.27.32, you wrote:
> CVE-2013-4420[0]:
> tar_extract_glob and tar_extract_all path prefix directory traversal
>
> Attached is a proposed patch that makes libtar work similarly to tar.

The first "if" should be a "while", shouldn't it? Otherwise we'll only skip over t

Bug#731860: libtar: CVE-2013-4420: directory traversal when extracting archives

2013-12-10 Thread Raphael Geissert
Source: libtar
Severity: grave
Tags: security

Hi,
the following vulnerability was published for libtar.

CVE-2013-4420[0]:
tar_extract_glob and tar_extract_all path prefix directory traversal

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures