Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory

To: 802702@bugs.debian.org, Chris Lamb <lamby@debian.org>, Ben Hutchings <ben@decadent.org.uk>, Henri Salo <henri@nerv.fi>
Subject: Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
From: Petter Reinholdtsen <pere@hungry.com>
Date: Fri, 30 Sep 2016 07:41:17 +0200
Message-id: <[🔎] 20160930054117.GA30391@diskless.uio.no>
Reply-to: Petter Reinholdtsen <pere@hungry.com>, 802702@bugs.debian.org
In-reply-to: <1467205078.2797928.651917073.2CB466BB@webmail.messagingengine.com>
References: <1447174316.2101723.435141297.4D521B6E@webmail.messagingengine.com> <20160629062943.GA27671@diskless.uio.no> <1467185439.2731493.651661161.583AA4F7@webmail.messagingengine.com> <2fleg7g5qyq.fsf@diskless.uio.no> <1467204665.2551.115.camel@decadent.org.uk> <1467205078.2797928.651917073.2CB466BB@webmail.messagingengine.com>

For the record, this issue is still flagged as unsolved upstream. :(
No activity in the bug tracker there since 2015 when Chris added the
last comment.
-- 
Happy hacking
Petter Reinholdtsen

Reply to:

Prev by Date: Re: netcfg: supposed to use use_autoconfig, or disable_autoconfig? [Was: Bug#838948: [patch] preseed appendix of d-i manual: use_autoconfig]
Next by Date: Processed: merging 839046 839162
Previous by thread: Bug#839162: Enabled merged-/usr by default
Next by thread: Processed: merging 839046 839162
Index(es):
- Date
- Thread