(root)/branches/ - Rev 49
?revision_form?
Rev ?revision_input??revision_submit?
?revision_endform?
Rev 27 |
Last modification |
Compare with Previous |
View Log
| RSS feed
Last modification
- Rev 49 2014-02-16 19:12:41
- Author: magnus
- Log message:
- [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
pathname prefix containing ".." components (Closes: #731860). This is
done in th_get_pathname() (as well as to symlink targets when
extracting symlinks), not merely when extracting files, which means
applications calling that function will not see the stored
filename. There is no way to disable this behaviour, but it can be
expected that one will be provided when the issue is solved upstream.