Re: Bug#439335: CVE-2007-4131: GNU tar Directory Traversal

To: 439335@bugs.debian.org, debian-security@lists.debian.org
Subject: Re: Bug#439335: CVE-2007-4131: GNU tar Directory Traversal
From: paddy@panici.net
Date: Wed, 19 Dec 2007 22:51:35 +0000
Message-id: <[🔎] 20071219225135.GA19494@localhost.localdomain>
Mail-followup-to: 439335@bugs.debian.org, debian-security@lists.debian.org

previously ...

Nico Golde <nion@debian.org> [Sun, 9 Sep 2007 14:30:06 +0200]:
> Hi,
> * Sylvain Beucler <beuc@gnu.org> [2007-09-09 13:56]:
> > Was this forwarded to the Stable security team?
> > 
> > If I'm given a tarball that can replace /etc/passwd, I'd say this is
> > grave bug.
> 
> This bug is monitored via the security tracker:
> http://security-tracker.debian.net/tracker/CVE-2007-4131
> So they should be aware of it.

just noticed this going past in an osx update and had a "what ever
happenned to that?" moment.

Regards,
Paddy

Reply to:

Prev by Date: Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
Next by Date: Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
Previous by thread: Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
Next by thread: Flash 9.0.31 as distributed in Etch is insecure
Index(es):
- Date
- Thread