Menu
▾
▴
Re: [fink-core] tar vulnerability
|
From: Daniel M. <dm...@ne...> - 2007-10-21 00:57:59
|
Seems reasonable to me. dan On Sat, Oct 20, 2007 at 06:20:20PM +0900, Tomoaki Okayama wrote: > Hello, > > I found a directory traversal vulnerability of tar, i.e. CVE-2007-4131. > Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131 > > The patch for this problem can be got from > http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/app-arch/tar/files/tar-1.15.1-alt-contains-dot-dot.patch . > > Please apply it to tar in 10.3/unstable and 10.4/unstable. > > Thanks, > Tomoaki Okayama > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > fink-core mailing list > fin...@li... > http://news.gmane.org/gmane.os.apple.fink.core -- Daniel Macks dm...@ne... http://www.netspace.org/~dmacks |