Bug#737160: [uupdate] symlink directory traversal

2014-02-21 Thread James McCoy
On Thu, Jan 30, 2014 at 09:06:38PM +0100, Jakub Wilk wrote: > A malicious .orig.tar file can trick uupdate into patching files > outside the source package directory. Proof of concept: Thanks for the report and PoC. Looking into it some, below is my understanding of the issue and concerns on fixi

Bug#736760: Conflict between debian/upstream (DEP-12) & debian/upstream/ (uscan)

2014-02-21 Thread Bastien ROUCARIES
On 12 Feb 2014 15:41, "Andreas Tille" wrote: > > Hi, > > On Wed, Feb 12, 2014 at 04:11:41PM +0900, Charles Plessy wrote: > > On Wed, Feb 12, 2014 at 12:06:42AM -0500, James McCoy wrote: > > > > > > That being said, I don't have access to most of the packages. Even if I > > > did, it feels