The patch to fix this issue was added to rpm-4.4.3 and remains in @rpm5.org code since 2005.
The @rpm.org code base was based on rpm-4.4.2 and part of the patch (from OpenSuSE) was dropped when backported. Upgrading to rpm-4.8.1 will fix CVS-2010-2191. ** Bug watch added: Mandriva Linux #60463 http://qa.mandriva.com/show_bug.cgi?id=60463 -- app-arch/rpm2targz: multiple vulnerabilites (CVE-2010-{2059,2197,2198,2199}) https://bugs.launchpad.net/bugs/634183 You received this bug notification because you are a member of Registry Administrators, which is the registrant for Mandriva. _______________________________________________ Mailing list: https://launchpad.net/~registry Post to : [email protected] Unsubscribe : https://launchpad.net/~registry More help : https://help.launchpad.net/ListHelp
