Hi.  I was comparing the /usr/src/UPDATING file on RELENG_4_5,
4_6 and 4_7, and I noticed that there is a fix for a tar bug in
the 4.7 pX releases, but not in 4.6.2-pX and 4.5-pX.

4.5: (also 4.6.2 p3)

20021023:       p21     FreeBSD-SA-02:40.kadmind
        Correct kadmind buffer overflow.


20021023:       p1      FreeBSD-SA-02:40.kadmind
        Correct bug in the tar(1) contains_dot_dot function allowing
        files to be extracted outside the intended directory tree.
        Correct kadmind buffer overflow.

Do I need to update this manually for my < 4.7 systems?  I see there was
a bit of discussion on the security list at the time, but I can't see
much more about it.

I don't see why it can be worth fixing for 4.7 and not for anything
else, given how widely used the tar utility is.  I don't particularly
mind fixing it myself, but it seems odd that this is a critical fix in
one release and a feature in others.  Is anyone likely to be using this
as a feature in earlier releases?

