Bug#774716: paxtar: directory traversal vulnerabilities

To: Alexander Cherepanov <cherepan@mccme.ru>, 774716@bugs.debian.org
Subject: Bug#774716: paxtar: directory traversal vulnerabilities
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 18 Jan 2015 21:33:55 +0100
Message-id: <[🔎] 20150118203355.GA22832@elende.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 774716@bugs.debian.org
In-reply-to: <[🔎] 54AC2C7C.1020005@mccme.ru>
References: <[🔎] 54AC2C7C.1020005@mccme.ru>

Control: retitle -1 paxtar: directory traversal vulnerabilities (CVE-2015-1193 CVE-2015-1194)

Hi,

According to MITRE the following two CVEs were assigned for pax:

> Use CVE-2015-1193 for the .. path traversal (CWE-22).
> 
> Use CVE-2015-1194 for the symlink following, which can allow access outside of
> the current directory.

Regards,
Salvatore

Reply to:

References:
- Bug#774716: paxtar: directory traversal vulnerabilities
  - From: Alexander Cherepanov <cherepan@mccme.ru>

Prev by Date: Bug#775218: ppmd: directory traversal vulnerability
Next by Date: Processed: closing 469383
Previous by thread: Processed: Re: Bug#774716: paxtar: directory traversal vulnerabilities
Next by thread: Bug#743686: ulatencyd: Ulatencyd start without consolekit support
Index(es):
- Date
- Thread