Sébastien Le Ray wrote:
> Thijs Kinkhorst <[email protected]> wrote:
>> CVE-2008-5658
>>
>> Directory traversal vulnerability in the ZipArchive::extractTo
>> function allows attackers to write arbitrary files via a ZIP file
>> with a file whose name contains .. (dot dot) sequences.
>>
>
> Hi,
>
> It seems that there were some side effects. Since the upgrade we've PHP
> crashes with:
> *** glibc detected *** double free or corruption (fasttop): 0x08718200
> ***
>
> The crash occurs inside the extractTo function, please tell me if you
> need any additional information.
>

Could you please provide us with the zip's files listing (i.e. the output of
unzip -l)? That would help us reproduce and fix it.

Kind regards,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
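
As an added illustration (not part of this thread, and written in Python rather than PHP): a listing-only audit that reads an archive's entry names, as unzip -l would, and flags names with .. sequences of the kind CVE-2008-5658 describes. The function names and the sample archive are constructed for this example.

```python
import io
import posixpath
import zipfile


def classify_entry(name: str) -> str:
    """Return 'ok' or the reason an entry name is unsafe to extract."""
    # ZIP names use '/', but some writers emit '\\'; treat both as separators.
    norm = name.replace("\\", "/")
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return "absolute path"
    # Collapse the path the way a filesystem would and see where it lands.
    resolved = posixpath.normpath(norm)
    if resolved == ".." or resolved.startswith("../"):
        return "escapes destination"
    # Stays inside the destination, but still carries a dot-dot component.
    if ".." in norm.split("/"):
        return "contains .. component"
    return "ok"


def audit_zip(data: bytes) -> list[tuple[str, str]]:
    """List every entry with its verdict, without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, classify_entry(i.filename)) for i in zf.infolist()]


def build_sample() -> bytes:
    """Constructed sample archive: one ordinary entry, three with .. sequences."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("docs/readme.txt", "a/../b.txt",
                     "../outside.txt", "x/../../up.txt"):
            zf.writestr(name, b"sample")
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in audit_zip(build_sample()):
        print(f"{verdict:22} {name}")
```
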

