crystalcursors
debpool
libdkim
libmail-dkim-perl
liboop
liboop-bad
libspf2
libtar
lsh
nettle
oidentd
pike
pike-old
pmk
prayer
prayer-err
pyscrabble
sa-exim
ssvnc
tvtime
x2vnc
zxid
Català-Valencià - Catalan
中文 - Chinese (Simplified)
中文 - Chinese (Traditional)
Česky - Czech
Dansk - Danish
Nederlands - Dutch
English - English
Suomi - Finnish
Français - French
Deutsch - German
עברית - Hebrew
हिंदी - Hindi
Magyar - Hungarian
Bahasa Indonesia - Indonesian
Italiano - Italian
日本語 - Japanese
한국어 - Korean
Македонски - Macedonian
मराठी - Marathi
Norsk - Norwegian
Polski - Polish
Português - Portuguese
Português - Portuguese (Brazil)
Русский - Russian
Slovenčina - Slovak
Slovenščina - Slovenian
Español - Spanish
Svenska - Swedish
Türkçe - Turkish
Українська - Ukrainian
Oëzbekcha - Uzbek
Subversion Repositories
(root)
/
branches
/
wheezy
/
debian
/
patches
/
CVE-2013-4420.patch
@ 42
- Rev 35
?revision_form?
Rev ?revision_input?
?revision_submit?
?revision_endform?
Show changed files
|
Details
|
Compare with Previous
|
Blame
|
RSS feed
Filtering Options
From rev
To rev
Max revs
Search history for
Show All
Rev
Age
Author
Path
Log message
Diff
35
3939d 09h
magnus
/branches/wheezy/debian/
[SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
pathname prefix containing ".." components (Closes: #731860). This is
done in th_get_pathname() (as well as to symlink targets when
extracting symlinks), not merely when extracting files, which means
applications calling that function will not see the stored
filename. There is no way to disable this behaviour, but it can be
expected that one will be provided when the issue is solved upstream.