Last modification
  
    - Rev 24 2014-02-15 21:44:50
- Author: magnus
- Log message:
- [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
 pathname prefix containing ".." components (Closes: #731860). This is
 done in th_get_pathname() (as well as to symlink targets when
 extracting symlinks), not merely when extracting files, which means
 applications calling that function will not see the stored
 filename. There is no way to disable this behaviour, but it can be
 expected that one will be provided when the issue is solved upstream.
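
An added illustration of the sanitization rule the log message describes, stripping leading slashes and any prefix containing ".." components. This is not the code from CVE-2013-4420.patch or from libtar; the function name `strip_unsafe_prefix` and the sample names are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (the name is an assumption, not libtar's API).
 * Returns a pointer into `name` past any leading slashes and past the
 * last ".." component, or "." when nothing safe remains. */
const char *strip_unsafe_prefix(const char *name)
{
    const char *safe = name;              /* start of the suffix we keep */
    const char *p = name;

    while (*p != '\0') {
        const char *end = strchr(p, '/'); /* end of current component */
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 2 && p[0] == '.' && p[1] == '.')
            safe = p + len;               /* drop prefix through this ".." */

        p += len;
        while (*p == '/')                 /* skip the separator run */
            p++;
    }
    while (*safe == '/')                  /* no absolute paths */
        safe++;

    return *safe != '\0' ? safe : ".";
}

int main(void)
{
    /* Constructed sample names, as they might be stored in an archive
     * header or as a symlink target. */
    const char *samples[] = {
        "/etc/passwd", "../../etc/passwd", "a/../b", "a/b/..",
        "..foo/bar", "dir/file.txt", "////", "",
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %s\n", samples[i], strip_unsafe_prefix(samples[i]));
    return 0;
}
```

Because the result is a suffix of the stored name, a caller only ever sees the sanitized form, which is the visibility trade-off the log message notes for th_get_pathname().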