Subversion Repositories

?revision_form?
Rev ?revision_input??revision_submit?
?revision_endform?

Hide changed files | Details | Compare with Previous | Blame | RSS feed

Filtering Options

Rev Age Author Path Log message Diff Changes
32 3932d 15h magnus /trunk/debian/patches/ Add stdlib.h for malloc() in lib/decode.c  
/trunk/debian/patches/CVE-2013-4420.patch<br/>/trunk/debian/patches/no_maxpathlen.patch<br/>/trunk/debian/patches/no_static_buffers.patch
31 3932d 15h magnus /trunk/debian/ [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the
safer_name_suffix() function should certainly be applied to the
combination of it and the name field, not just on the name field.
 
/trunk/debian/changelog<br/>/trunk/debian/patches/CVE-2013-4420.patch
24 3932d 17h magnus /trunk/debian/ [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
pathname prefix containing ".." components (Closes: #731860). This is
done in th_get_pathname() (as well as to symlink targets when
extracting symlinks), not merely when extracting files, which means
applications calling that function will not see the stored
filename. There is no way to disable this behaviour, but it can be
expected that one will be provided when the issue is solved upstream.
 
/trunk/debian/patches/CVE-2013-4420.patch
/trunk/debian/changelog<br/>/trunk/debian/patches/series