
Bug#774716: [Bug 537522] app-arch/pax: directory traversal (CVE-2015-{1193,1194})



tags 774716 + pending upstream
thanks


bugzilla-daemon@gentoo.org dixit:

>https://bugs.gentoo.org/show_bug.cgi?id=537522

>could you resync the pax code w/the latest openbsd ?

For the record over here: resync in progress, but we’ll see
a security fix backport-only release first (which the regular
and LTS security teams are invited to apply to jessie and
wheezy as well, or rather use as source to backport patches
from) and a fully rebased release later (tricky due to merge
conflicts due to heavy both local and upstream changes).

My current WiP trees for those merges, undocumented and
subject to force pushes though, are at github:MirBSD/opax
for those interested (master is OpenBSD, the branches
mpax and mpax-erstmalnurderbackport are merge aids that
are the base of what will end up in MirBSD CVS, and the
-upstream pendants are branched off the OpenBSD base of
MirBSD’s pax with the same upstream patchlevel; remember
this is for the “merge” part only, the “test, fix, make
portable” part will be done in CVS again, but this helps
(also myself) understanding what individual commit did
what change (to untangle conflicts)).

I apologise for the delay. I will also retake active
maintainership of pax. Also sorry Alexander for not
reacting more proactively.

bye,
//mirabilos
-- 
I believe no one can invent an algorithm. One just happens to hit upon it
when God enlightens him. Or only God invents algorithms, we merely copy them.
If you don't believe in God, just consider God as Nature if you won't deny
existence.		-- Coywolf Qi Hunt

