[Secure-testing-commits] r45793 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Oct 31 13:17:58 UTC 2016
Author: carnil
Date: 2016-10-31 13:17:58 +0000 (Mon, 31 Oct 2016)
New Revision: 45793
Modified:
data/CVE/list
Log:
Add fixed version for CVE-2016-6321/tar
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-31 13:09:52 UTC (rev 45792)
+++ data/CVE/list 2016-10-31 13:17:58 UTC (rev 45793)
@@ -8252,7 +8252,7 @@
NOT-FOR-US: ovirt-engine
CVE-2016-6321 [Bypassing the extract path name]
RESERVED
- - tar <unfixed> (bug #842339)
+ - tar 1.29b-1.1 (bug #842339)
NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
NOTE: POC in https://sintonen.fi/advisories/tar-poc.tar (etc/shadow should not be extracted when asking for etc/motd)
NOTE: Proposed patch by Antoine Beaupre: https://lists.debian.org/debian-lts/2016/10/msg00206.html
More information about the Secure-testing-commits
mailing list