rpm/tar
SHA256
1
0
Fork 0
forked from pool/tar
Code Pull Requests Activity
73 Commits 2 Branches 0 Tags 2.7 MiB
2a37f6b620
Commit Graph

2 Commits

Author SHA256 Message Date
Marcus Meissner
2e036aa0fa Accepting request 446474 from home:vitezslav_cizek:branches:Base:System 
- update tar-1.29-extract_pathname_bypass.patch to the upstream
  one that fixes POINTYFEATHER issue but it doesn't limit append or
  create operations as the initial patch did [bsc#1012633]
  [CVE-2016-6321]

OBS-URL: https://build.opensuse.org/request/show/446474
OBS-URL: https://build.opensuse.org/package/show/Base:System/tar?expand=0&rev=75
 2016-12-16 07:58:32 +00:00
Marcus Meissner
885805a010 Accepting request 439571 from home:kstreitova:branches:Base:System 
- add tar-1.29-extract_pathname_bypass.patch to fix POINTYFEATHER
  vulnerability - GNU tar archiver can be tricked into extracting 
  files and directories in the given destination, regardless of the 
  path name(s) specified on the command line [bsc#1007188] 
  [CVE-2016-6321]

OBS-URL: https://build.opensuse.org/request/show/439571
OBS-URL: https://build.opensuse.org/package/show/Base:System/tar?expand=0&rev=73
 2016-11-10 22:20:00 +00:00