tag 440097 - security severity 440097 important tag 440099 - security severity 440099 important thanks
upstream doesn't see this as a security issue; I don't mind mentioning the CVE for a fix, once a patch is available in the upstream repositories. Stefan Fritsch writes: > Package: python2.4 > Version: 2.4.4-3 > Severity: grave > Tags: security > Justification: user security hole > > A vulnerability has been found in the python tarfile module. > >From CVE-2007-4559: > > > "Directory traversal vulnerability in the (1) extract and (2) extractall > functions in the tarfile module in Python allows user-assisted remote > attackers > to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR > archive, a related issue to CVE-2001-1267." > > Please mention the CVE id in the changelog. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
