-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello List,
Some time ago I asked for a security contact at tar and cpio bug mailing list. The response was: Sergey Poznyakoff wrote: > halfdog <[email protected]> ha escrit: > ... >> If not, is there someone to contact for security issues in cpio and >> tar? > > For all issues regarding GNU tar, please write to this list > (i.e. <[email protected]>). For anything regarding GNU cpio, write to > <[email protected]>. > > Regards, > Sergey Since I did not want to post bug description and exploit to public mailing list, I sent messages to Sergey directly, but it seems, that they did not reach him or he did not reply to it. 201005010942-MailToSergeyPoznyakoff-TarBug.eml 201005071927-MailToSergeyPohnyakoff-TarBugInformationAndExploit.eml 201008120635-MailToSergeyPoznyakoff-SecurityIssue.eml Is there someone who still would want to fix the problem? Otherwise standard (full) disclosure will be 2010-08-30, I will then post bug description and POC to this list also. - -- http://www.halfdog.net/ PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFMa6uJxFmThv7tq+4RAg+7AKCHM0WuzdT0kDJHfSGJkvW1l8nJRgCghaGd VWCdpGNwoKfaQ/3yuMkzIKQ= =b4dU -----END PGP SIGNATURE-----
