[SECURITY] [DLA 596-1] extplorer security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : extplorer
Version : 2.1.0b6+dfsg.3-4+deb7u4
CVE ID : CVE-2016-4313
It was discovered that there was an archive traversal exploit in eXtplorer,
a web-based file manager.
The unzip/extract feature allowed for path traversal as decompressed files
can be placed outside of the intended target directory if the archive
content contained "../" characters.
For Debian 7 "Wheezy", this issue has been fixed in extplorer version
2.1.0b6+dfsg.3-4+deb7u4.
We recommend that you upgrade your extplorer packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJXskJOAAoJEB6VPifUMR5Y7FsP/Ap8+dtoh5Cu6V4kzEJytxl5
Uh5/vS5wU/IeP6sl7qSlfcWQTAksMFqi1A/DVWyQe4yQ894AK71oYqH2pdiDen1o
4KuuiS0SyWPUnQDMjuKJyhuTUglf8OEZWlqqaZl6CSBV/bD2aMvUCY/3rVb1gSzZ
pVSP8FthxnBGN3ryATgTfRaZ7QGfL9Xy1sUB5kMJUkk2ThldTGyneCgUO+nrSMsa
Zd467RFBCWmch5eyOfDKOiSZi32+8IcyleMYwFI+A97WNmtbjQAFzQAjxeN0aLtw
3GE+2qsSPBh0WETMX+23kMbQUkR9W9H5CXCHBgxonvB7iXL574iaDChYdQ0T8MTR
uiBnb5lC6J2mPfwGaTHKGW6vK25yo7OAwfy/N5mwz4Sk+A4l/AQHPCUVThQSgLu0
FMgkKhOLCO2zf7BM9yYLWvOkx/HQc73PohUZPafG15J2KLCTizbbw2JDz3CaA6/R
a18Oog7EAJ7xk+y6aKWlxOjtLn+i1rJPrSKIVLyjce98Z8U4v/pXtZehamMpixD5
Uq7W1cemUCoirdA2hvs8DTV2ZHAtUEGZl0T0ZR5D4oi6NtuDUXzGenkYwlsK1gSn
tmy1Q7QPG9Vm6l6+aZsRnLOPKfpniDJ7kpXBFdsjlnpUuUn0NtJ+f+MqWIvltN85
JFCAg5yEd7d6ahRBBAmF
=w8ij
-----END PGP SIGNATURE-----
Reply to: