This bug was fixed in the package fastjar - 2:0.98-1ubuntu0.10.04.1 --------------- fastjar (2:0.98-1ubuntu0.10.04.1) lucid-security; urgency=low
* SECURITY UPDATE: directory traversal vulnerabilities (LP: #540575) - jartool.c (extract_jar): Fix up checks for traversal to parent directories, disallow absolute paths, make the code slightly more efficient. (patch from trunk) - CVE-2010-0831 * Additional patches from the trunk: - jartool.c (read_entries): Properly zero-terminate filename. - jartool.c (add_file_to_jar): Fix write return value check. -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Fri, 18 Jun 2010 08:20:03 -0400 ** Changed in: fastjar (Ubuntu Lucid) Status: Confirmed => Fix Released ** Changed in: fastjar (Ubuntu Karmic) Status: Confirmed => Fix Released -- Directory traversal vulnerabilities https://bugs.launchpad.net/bugs/540575 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs