Bug#842339: [PATCH] When extracting, skip ".." members

Sat, 05 Nov 2016 09:33:54 -0700 

Date: Sat, 29 Oct 2016 21:04:40 -0700
>From: Paul Eggert <egg...@penguin.cs.ucla.edu>
>-------------
>Body: ur-type{attachments=[]; body=Package: tar
>Version: 1.29b-1
>Severity: grave
>Tags: security
>
>This has been assigned CVE-2016-6321:
>https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
>
>Cheers,
>        Moritz
>
>; header=Received: (at submit) by bugs.debian.org; 28 Oct 2016 08:27:14
0000
>From j...@debian.org Fri Oct 28 08:27:14 2016
>X-Spam-Checker-Version: SpamAssassin 3.4.0-bugs.debian.org_2005_01_02
> (2014-02-07) on buxtehude.debian.org
>X-Spam-Level:
>X-Spam-Status: No, score=-12.4 required=4.0 tests=BAYES_00,FROMDEVELOPER,
> HAS_PACKAGE,ONEWORD,RCVD_IN_DNSWL_MED,URIBL_CNKR,XMAILER_REPORTBUG,
> X_DEBBUGS_CC autolearn=ham autolearn_force=no
> version=3.4.0-bugs.debian.org_2005_01_02
>X-Spam-Bayes: score:0.0000 Tokens: new, 24; hammy, 84; neutral, 25;
spammy, 0.
> spammytokens: hammytokens:0.000- --H*x:6.6.6, 0.000- --H*UA:6.6.6,
> 0.000- --H*M:reportbug, 0.000- --H*MI:reportbug, 0.000- --H*x:reportbug
>Return-path: <j...@debian.org>
>Received: from inutil.org ([83.151.30.8])
> by buxtehude.debian.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:256)
> (Exim 4.84_2)
> (envelope-from <j...@debian.org>)
> id 1c02VN-000643-Pb
> for sub...@bugs.debian.org; Fri, 28 Oct 2016 08:27:13  0000
>Received: from dyndsl-095-033-044-233.ewe-ip-backbone.de ([95.33.44.233]
helo=pisco.westfalen.local)
> by inutil.org with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32)
> (Exim 4.72)
> (envelope-from <j...@debian.org>)
> id 1c02VK-0003Vz-HE; Fri, 28 Oct 2016 10:27:10  0200
>Received: from jmm by pisco.westfalen.local with local (Exim 4.87)
> (envelope-from <j...@debian.org>)
> id 1c02VJ-0006bv-1e; Fri, 28 Oct 2016 10:27:09  0200
>Content-Type: text/plain; charset="us-ascii"
>MIME-Version: 1.0
>Content-Transfer-Encoding: 7bit
>From: Moritz Muehlenhoff <j...@debian.org>
>To: Debian Bug Tracking System <sub...@bugs.debian.org>
>Subject: CVE-2016-6321
>Message-ID:
<147764322902.25315.15378751384226787950.reportbug@pisco.westfalen.local>
>X-Mailer: reportbug 6.6.6
>Date: Fri, 28 Oct 2016 10:27:09  0200
>X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>,
> Debian Testing Security Team
> <secure-testing-t...@lists.alioth.debian.org>
>X-SA-Exim-Connect-IP: 95.33.44.233
>X-SA-Exim-Mail-From: j...@debian.org
>X-SA-Exim-Scanned: No (on inutil.org); SAEximRunCond expanded to false
>Delivered-To: sub...@bugs.debian.org

Reply via email to