Subversion Repositories (root) / trunk / debian / patches / CVE-2013-4420.patch @ 43 - Rev 32
| Rev | Age | Author | Path | Log message |
|---|---|---|---|---|
| 32 | 3932d 09h | magnus | /trunk/debian/patches/ | Add stdlib.h for malloc() in lib/decode.c |
| 31 | 3932d 09h | magnus | /trunk/debian/ | [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the safer_name_suffix() function should certainly be applied to the combination of it and the name field, not just on the name field. |
| 24 | 3932d 11h | magnus | /trunk/debian/ | [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any pathname prefix containing ".." components (Closes: #731860). This is done in th_get_pathname() (as well as to symlink targets when extracting symlinks), not merely when extracting files, which means applications calling that function will not see the stored filename. There is no way to disable this behaviour, but it can be expected that one will be provided when the issue is solved upstream. |