https://bugzilla.redhat.com/show_bug.cgi?id=1588760
--- Comment #12 from errata-xmlrpc ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2097 https://access.redhat.com/errata/RHSA-2019:2097
--
You are receiving this mail because:
You
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
errata-xmlrpc changed:
What|Removed |Added
External Bug ID||Red Hat Product Errata
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Bug 1588760 depends on bug 1588761, which changed state.
Bug 1588761 Summary: CVE-2018-12015 perl-Archive-Tar: perl: Directory traversal
in Archive::Tar [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1588761
What
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
--- Doc Text *updated* by Eric Christensen ---
It was found that the Archive::Tar module did not properly sanitize symbolic
links when extracting tar archives. An attacker, able to provide a specially
crafted archive for processing, could
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
--- Comment #11 from Cedric Buissart ---
Upstream fix:
https://github.com/jib/archive-tar-new/commit/ae65651eab05
--
You are receiving this mail because:
You are on the CC list for the bug.
___
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
Depends On||1592804, 1592806, 1592803,
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
Priority|low |medium
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
--- Comment #9 from Fedora Update System ---
perl-Archive-Tar-2.28-1.fc28 has been pushed to the Fedora 28 stable
repository. If problems still persist, please make note of it in this bug
report.
--
You are receiving this mail because:
You
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
--- Comment #8 from Fedora Update System ---
perl-Archive-Tar-2.28-1.fc27 has been pushed to the Fedora 27 stable
repository. If problems still persist, please make note of it in this bug
report.
--
You are receiving this mail because:
You
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Bug 1588760 depends on bug 1591205, which changed state.
Bug 1591205 Summary: CVE-2018-12015 perl-Archive-Tar: perl: Directory traversal
in Archive::Tar [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1591205
What
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
Whiteboard|impact=low,public=20180607, |impact=low,public=20180607,
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
Fixed In Version||perl-Archive-Tar 2.28
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
Whiteboard|impact=low,public=20180607, |impact=low,public=20180607,
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
Depends On||1591205
--- Comment #5 from Cedric
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
Whiteboard|impact=low,public=20180607, |impact=low,public=20180607,
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
--- Comment #4 from Petr Pisar ---
(In reply to Cedric Buissart from comment #3)
> However, it seems that RHEL-5 also provides perl-Archive-Tar as
> source (i.e.: only RHEL-6 has Archive::Tar merged into perl source)
You are right. RHEL-5
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
CC||cbuis...@redhat.com
--- Comment #3
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
CC|iarn...@gmail.com, |caol...@redhat.com,
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
--- Comment #2 from Petr Pisar ---
Please note that all Fedoras, RHSCLs and RHEL ≥ 7 do not provide Archive::Tar
module by perl source package, but by perl-Archive-Tar source package.
--
You are receiving this mail because:
You are on the
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Cedric Buissart changed:
What|Removed |Added
Whiteboard|impact=low,public=20180607, |impact=low,public=20180607,
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Petr Pisar changed:
What|Removed |Added
External Bug ID||CPAN 125523
--
You are receiving this
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Pedro Sampaio changed:
What|Removed |Added
Blocks||1588762
--
You are receiving this
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Pedro Sampaio changed:
What|Removed |Added
CC||hho...@redhat.com,
|
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Pedro Sampaio changed:
What|Removed |Added
Whiteboard|impact=low,public=20180607, |impact=low,public=20180607,
https://bugzilla.redhat.com/show_bug.cgi?id=1588760
Pedro Sampaio changed:
What|Removed |Added
Depends On||1588761
--- Comment #1 from Pedro
27 matches
Mail list logo