Processing commands for cont...@bugs.debian.org:
> forwarded 642028 http://code.google.com/p/theunarchiver/issues/detail?id=392
Bug #642028 [theunarchiver] theunarchiver: directory traversal vulnerability
Set Bug forwarded-to-address to
'http://code.google.com/p/theunarchiver/issues/detail?id=392
forwarded 642028 http://code.google.com/p/theunarchiver/issues/detail?id=392
thanks
Hi Jakub,
On Sun, Sep 18, 2011 at 07:28:56PM +0200, Jakub Wilk wrote:
> theunarchiver is affected by a directory traversal vulnerability. It
> can be tricked by a specially crafted .tar file to unpack stuff into
>
* Jakub Wilk, 2011-09-18, 19:28:
$ unar traversal.tar.gz
Of course, I forgot the attachment...
--
Jakub Wilk
traversal.tar.gz
Description: Binary data
Package: theunarchiver
Version: 2.7.1-1
Severity: grave
Tags: security
Justification: user security hole
theunarchiver is affected by a directory traversal vulnerability. It can
be tricked by a specially crafted .tar file to unpack stuff into an
arbitrary directory.
Proof of concept:
$ ls -l
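
An added example, not part of the bug report or of theunarchiver's code: a pre-extraction audit that lists tar members which would land outside the chosen extraction directory. The report does not say which mechanism the crafted archive uses, so the checks here (absolute names, `..` components, links pointing outside the root) are assumptions covering the common cases; `audit_tar`, `escapes`, `build_sample` and the `/extract` root are hypothetical names, and the sample archive is constructed in memory.

```python
import io
import posixpath
import tarfile


def escapes(root, path):
    """True if path, resolved lexically under root, ends up outside root."""
    joined = posixpath.normpath(posixpath.join(root, path))
    return joined != root and not joined.startswith(root + "/")


def audit_tar(fileobj, root="/extract"):
    """Return (member name, reason) for each entry that would leave root."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            link_dir = posixpath.dirname(m.name)
            if m.name.startswith("/"):
                findings.append((m.name, "absolute path"))
            elif escapes(root, m.name):
                findings.append((m.name, "parent-directory escape"))
            elif m.issym() and escapes(root, posixpath.join(link_dir, m.linkname)):
                # Symlink targets are relative to the link's own directory.
                findings.append((m.name, "symlink target outside root"))
            elif m.islnk() and escapes(root, m.linkname):
                # Hard link targets are relative to the archive root.
                findings.append((m.name, "hard link target outside root"))
    return findings


def build_sample():
    """Constructed in-memory archive: one benign entry, three suspicious ones."""
    buf = io.BytesIO()
    data = b"constructed sample\n"
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("docs/readme.txt", "../outside.txt", "/tmp/abs.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("docs/up")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../elsewhere"
        tar.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in audit_tar(build_sample()):
        print(f"{reason}: {name}")
```

The check is lexical only: it does not consult the filesystem, so symlinks that already exist in the destination directory are outside its scope.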