crystalcursorsdebpoollibdkimlibmail-dkim-perlliboopliboop-badlibspf2libtarlshnettleoidentdpikepike-oldpmkprayerprayer-errpyscrabblesa-eximssvnctvtimex2vnczxid

Català-Valencià - Catalan中文 - Chinese (Simplified)中文 - Chinese (Traditional)Česky - CzechDansk - DanishNederlands - DutchEnglish - EnglishSuomi - FinnishFrançais - FrenchDeutsch - Germanעברית - Hebrewहिंदी - HindiMagyar - HungarianBahasa Indonesia - IndonesianItaliano - Italian日本語 - Japanese한국어 - KoreanМакедонски - Macedonianमराठी - MarathiNorsk - NorwegianPolski - PolishPortuguês - PortuguesePortuguês - Portuguese (Brazil)Русский - RussianSlovenčina - SlovakSlovenščina - SlovenianEspañol - SpanishSvenska - SwedishTürkçe - TurkishУкраїнська - UkrainianOëzbekcha - Uzbek

?revision_form??revision_endform?

Last modification

• Rev 24 2014-02-15 21:44:50
• Author: magnus

• Log message:

  [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
  pathname prefix containing ".." components (Closes: #731860). This is
  done in th_get_pathname() (as well as to symlink targets when
  extracting symlinks), not merely when extracting files, which means
  applications calling that function will not see the stored
  filename. There is no way to disable this behaviour, but it can be
  expected that one will be provided when the issue is solved upstream.

Path	Last modification			Log	RSS
branches/	21	4398d 00h	magnus	Log	RSS
tags/	22	4398d 00h	magnus	Log	RSS
trunk/	24	4269d 21h	magnus	Log	RSS
debian/	24	4269d 21h	magnus	Log	RSS
patches/	24	4269d 21h	magnus	Log	RSS
CVE-2013-4420.patch	24	4269d 21h	magnus	Log	RSS
no_maxpathlen.patch	23	4271d 21h	magnus	Log	RSS
no_static_buffers.patch	23	4271d 21h	magnus	Log	RSS
series	24	4269d 21h	magnus	Log	RSS
source/	5	5020d 22h	magnus	Log	RSS