[Secure-testing-commits] r45758 - data/CVE

Sat Oct 29 21:55:02 UTC 2016

Author: anarcat
Date: 2016-10-29 21:55:02 +0000 (Sat, 29 Oct 2016)
New Revision: 45758

Modified:
   data/CVE/list
Log:
Summary: link to my patch for tar


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-10-29 21:53:41 UTC (rev 45757)
+++ data/CVE/list	2016-10-29 21:55:02 UTC (rev 45758)
@@ -8219,7 +8219,7 @@
 	- tar <unfixed> (bug #842339)
 	NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
 	NOTE: POC in https://sintonen.fi/advisories/tar-poc.tar (etc/shadow should not be extracted when asking for etc/motd)
-	NOTE: Proposed patch: https://sintonen.fi/advisories/tar-extract-pathname-bypass.patch
+	NOTE: Proposed patch: https://lists.debian.org/debian-lts/2016/10/msg00206.html
 CVE-2016-6320 (Cross-site scripting (XSS) vulnerability in ...)
 	- foreman <itp> (bug #663101)
 CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...)


