crystalcursorsdebpoollibdkimlibmail-dkim-perlliboopliboop-badlibspf2libtarlshnettleoidentdpikepike-oldpmkprayerprayer-errpyscrabblesa-eximssvnctvtimex2vnczxid

Català-Valencià - Catalan中文 - Chinese (Simplified)中文 - Chinese (Traditional)Česky - CzechDansk - DanishNederlands - DutchEnglish - EnglishSuomi - FinnishFrançais - FrenchDeutsch - Germanעברית - Hebrewहिंदी - HindiMagyar - HungarianBahasa Indonesia - IndonesianItaliano - Italian日本語 - Japanese한국어 - KoreanМакедонски - Macedonianमराठी - MarathiNorsk - NorwegianPolski - PolishPortuguês - PortuguesePortuguês - Portuguese (Brazil)Русский - RussianSlovenčina - SlovakSlovenščina - SlovenianEspañol - SpanishSvenska - SwedishTürkçe - TurkishУкраїнська - UkrainianOëzbekcha - Uzbek

?revision_form??revision_endform?

Last modification

• Rev 24 2014-02-15 21:44:50
• Author: magnus

• Log message:

  [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
  pathname prefix containing ".." components (Closes: #731860). This is
  done in th_get_pathname() (as well as to symlink targets when
  extracting symlinks), not merely when extracting files, which means
  applications calling that function will not see the stored
  filename. There is no way to disable this behaviour, but it can be
  expected that one will be provided when the issue is solved upstream.

Path	Last modification			Log	RSS
branches/	21	4039d 06h	magnus	Log	RSS
tags/	22	4039d 06h	magnus	Log	RSS
trunk/	24	3911d 03h	magnus	Log	RSS
debian/	24	3911d 03h	magnus	Log	RSS