Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=f97a29de14855f9b548e224af373e877495f8f52
commit f97a29de14855f9b548e224af373e877495f8f52 Author: voroskoi <[EMAIL PROTECTED]> Date: Thu Sep 6 10:30:32 2007 +0200 FSA255-tar diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 791b804..3c8f571 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -27,6 +27,18 @@ <fsas> <fsa> + <id>255</id> + <date>2007-09-06</date> + <author>voroskoi</author> + <package>tar</package> + <vulnerable>1.16.1-1</vulnerable> + <unaffected>1.16.1-2terminus1</unaffected> + <bts>http://bugs.frugalware.org/task/2376</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131</cve> + <desc>A vulnerability has been reported in GNU tar, which can be exploited by malicious people to compromise a user's system. + The vulnerability is caused due to an input validation error when extracting tar archives. This can be exploited to extract files to arbitrary locations outside the specified directory with the permissions of the user running GNU tar by using the "//.." directory traversal sequence in a specially crafted tar archive.</desc> + </fsa> + <fsa> <id>254</id> <date>2007-09-06</date> <author>voroskoi</author> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
