Hi,
* Pawel Wiecek <[EMAIL PROTECTED]> [2007-09-01 04:00]:
> On Aug 31, 2:23pm, Nico Golde wrote:
> > this. The attached patch fixes the issue. I edited the
>
> Obviously you're talking about the patch you *didn't* attach, yes?

Thanks! Attached.
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -Nurad star-1.5a67~/debian/changelog star-1.5a67/debian/changelog --- star-1.5a67~/debian/changelog 2007-08-31 14:15:51.000000000 +0200 +++ star-1.5a67/debian/changelog 2007-08-31 14:18:28.000000000 +0200 @@ -1,3 +1,11 @@ +star (1.5a67-1.1) unstable; urgency=high + + * Non-maintainer upload by testing security team. + * Fix directory traversal vulnerability in extract.c + (CVE-2007-4134) (Closes: #440100). + + -- Nico Golde <[EMAIL PROTECTED]> Fri, 31 Aug 2007 14:17:39 +0200 + star (1.5a67-1) unstable; urgency=low * New upstream version diff -Nurad star-1.5a67~/star/extract.c star-1.5a67/star/extract.c --- star-1.5a67~/star/extract.c 2007-08-31 14:15:51.000000000 +0200 +++ star-1.5a67/star/extract.c 2007-08-31 14:17:29.000000000 +0200 @@ -1643,6 +1643,8 @@ return (FALSE); } while (*p != '/'); p++; + while (*p == '/') /* Skip multiple slashes */ + p++; } return (FALSE); }
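Review bot: In the extract.c hunk, the comment on the added "while (*p == '/')" loop says what the loop does but not why it belongs in a fix the changelog describes as a directory traversal vulnerability. Suggest extending the comment to state that a run of slashes is treated as a single separator, so that p is left on the first character of the next path component before the enclosing block closes, for example: /* Skip multiple slashes so "//" counts as one separator */. The added loop is bounded as written, since a terminating NUL is not '/' and ends it. The changelog entry records only the file and the CVE; a short phrase naming the repeated-slash case would make the entry self-explanatory for later readers.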