Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory

To: Petter Reinholdtsen <pere@hungry.com>, Henri Salo <henri@nerv.fi>, 802702@bugs.debian.org
Subject: Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
From: Chris Lamb <lamby@debian.org>
Date: Wed, 29 Jun 2016 08:30:39 +0100
Message-id: <[🔎] 1467185439.2731493.651661161.583AA4F7@webmail.messagingengine.com>
Reply-to: Chris Lamb <lamby@debian.org>, 802702@bugs.debian.org
In-reply-to: <[🔎] 20160629062943.GA27671@diskless.uio.no>
References: <1447174316.2101723.435141297.4D521B6E@webmail.messagingengine.com> <[🔎] 20160629062943.GA27671@diskless.uio.no>

> Any idea why the resolution of this issue did not move any further?  I notice from
> the upstream tracker that hardlinks might be a problem too.

Indeed, the hardlink part was blocking it.

IIRC it was deemed to be low-priority from an LTS point of view so/and I could not justify spending more time on it then. Happy to look again if there is a more urgent requirement.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Reply to:

Follow-Ups:
- Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
  - From: Petter Reinholdtsen <pere@hungry.com>

References:
- Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
  - From: Petter Reinholdtsen <pere@hungry.com>