Control: severity -1 serious
Rationale: The package is currently without maintainer (QA
maintained) and has this open for several years. Thus either for
buster the issue is fixed or not included.
Alternatively, but has still high popcon, remove zoo from the archive?
Regards,
Salvatore
* Jakub Wilk, 2015-01-02, 23:16:
Either the fix for CVE-2005-2349 (bug #309594) wasn't complete, or it
bit-rotted, because Zoo is still susceptible to directory traversal:
To clarify, #309594 discussed only relative path traversal (via ".."
sequences), but AFAICS the patch[0] tries to address
Package: zoo
Version: 2.10-27+b1
Tags: security
Either the fix for CVE-2005-2349 (bug #309594) wasn't complete, or it
bit-rotted, because Zoo is still susceptible to directory traversal:
$ pwd
/home/jwilk
$ zoo x traversal.zoo
Zoo: /tmp/moo -- extracted
$ ls -l /tmp/moo
-rw-r--r-- 1 j
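The thread distinguishes relative traversal via ".." sequences from the case in the transcript, where extraction run in /home/jwilk creates /tmp/moo. As an added example (not zoo's code and not the patch discussed in the thread), here is a lexical check an extractor could apply to each stored member name before creating a file; the function name and the sample names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from zoo's source): returns 1 when a stored
 * member name is safe to create beneath the extraction directory, 0 if not.
 * Lexical check only; it does not resolve symlinks already on disk. */
int member_name_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || *name == '\0')
        return 0;                 /* empty name */
    if (*name == '/')
        return 0;                 /* absolute path, e.g. "/tmp/moo" */

    while (*p != '\0') {
        /* isolate the next '/'-separated component */
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;             /* ".." component climbs out of the root */
        p += len;
        while (*p == '/')
            p++;                  /* skip separator(s) */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample names, not taken from any real archive. */
    const char *samples[] = {
        "docs/readme.txt", "/tmp/moo", "../../tmp/moo",
        "a/../../b", "notes..txt", "a/..b/c", ""
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s %s\n", samples[i][0] ? samples[i] : "(empty)",
               member_name_is_safe(samples[i]) ? "extract" : "refuse");
    return 0;
}
```

The check is deliberately conservative: a name such as "a/../b" is refused even though it resolves inside the extraction directory, because rejecting every ".." component is simpler to audit than normalising the path.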