-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : extplorer Version : 2.1.0b6+dfsg.3-4+deb7u4 CVE ID : CVE-2016-4313
It was discovered that there was an archive traversal exploit in eXtplorer, a web-based file manager. The unzip/extract feature allowed for path traversal as decompressed files can be placed outside of the intended target directory if the archive content contained "../" characters. For Debian 7 "Wheezy", this issue has been fixed in extplorer version 2.1.0b6+dfsg.3-4+deb7u4. We recommend that you upgrade your extplorer packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJXskJOAAoJEB6VPifUMR5Y7FsP/Ap8+dtoh5Cu6V4kzEJytxl5 Uh5/vS5wU/IeP6sl7qSlfcWQTAksMFqi1A/DVWyQe4yQ894AK71oYqH2pdiDen1o 4KuuiS0SyWPUnQDMjuKJyhuTUglf8OEZWlqqaZl6CSBV/bD2aMvUCY/3rVb1gSzZ pVSP8FthxnBGN3ryATgTfRaZ7QGfL9Xy1sUB5kMJUkk2ThldTGyneCgUO+nrSMsa Zd467RFBCWmch5eyOfDKOiSZi32+8IcyleMYwFI+A97WNmtbjQAFzQAjxeN0aLtw 3GE+2qsSPBh0WETMX+23kMbQUkR9W9H5CXCHBgxonvB7iXL574iaDChYdQ0T8MTR uiBnb5lC6J2mPfwGaTHKGW6vK25yo7OAwfy/N5mwz4Sk+A4l/AQHPCUVThQSgLu0 FMgkKhOLCO2zf7BM9yYLWvOkx/HQc73PohUZPafG15J2KLCTizbbw2JDz3CaA6/R a18Oog7EAJ7xk+y6aKWlxOjtLn+i1rJPrSKIVLyjce98Z8U4v/pXtZehamMpixD5 Uq7W1cemUCoirdA2hvs8DTV2ZHAtUEGZl0T0ZR5D4oi6NtuDUXzGenkYwlsK1gSn tmy1Q7QPG9Vm6l6+aZsRnLOPKfpniDJ7kpXBFdsjlnpUuUn0NtJ+f+MqWIvltN85 JFCAg5yEd7d6ahRBBAmF =w8ij -----END PGP SIGNATURE-----