On Mon, Feb 02, 2015 at 07:12:03PM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> Additional reference: SUSE used the patch attached to
> https://marc.info/?l=oss-security&m=142289947619786&w=2
Anibal, can you please upload a fixed package?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to deb
Hi,
Additional reference: SUSE used the patch attached to
https://marc.info/?l=oss-security&m=142289947619786&w=2
Regards,
Salvatore
--
Control: retitle -1 cpio: CVE-2015-1197: directory traversal
Hi,
This issue has been assigned CVE-2015-1197 by MITRE.
Regards,
Salvatore
--
Hi Vasyl,
On Wed, 7 Jan 2015 15:43:54 +0100 Vasyl Kaigorodov wrote:
> My quick test shows that with the proper filesystem permissions no
> harm could be done:
> $ pwd
> /home/vk/cpio
> $ ls -lad /home/postgres/
> drwx-- 4 postgres postgres 4096 May 21 2014 /home/postgres/
> $ ln -s /home/postgres/.moz
Hi Alexander,
My quick test shows that with the proper filesystem permissions no
harm could be done:
$ pwd
/home/vk/cpio
$ ls -lad /home/postgres/
drwx-- 4 postgres postgres 4096 May 21 2014 /home/postgres/
$ ln -s /home/postgres/.mozilla dir
...
$ cpio --no-absolute-filenames -ivF test.cpio
Package: cpio
Version: 2.11+dfsg-0.1+deb7u1
Tags: security
cpio is susceptible to a directory traversal vulnerability. While
extracting an archive, it will extract symlinks and then follow them if
they are referenced in further entries. This can be exploited by a rogue
archive to write files o