Package: star Version: 1.5a67-1 Severity: grave Tags: security Justification: user security hole
A vulnerability has been found in star. From CVE-2007-4558: "Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive." This is fixed in 1.5a84. Please mention the CVE id in the changelog. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
