Hello community, here is the log from the commit of package tar checked in at Fri Aug 31 16:03:27 CEST 2007. -------- --- tar/tar.changes 2007-08-20 18:10:04.000000000 +0200 +++ /mounts/work_src_done/STABLE/tar/tar.changes 2007-08-31 12:57:08.000000000 +0200 @@ -1,0 +2,6 @@ +Fri Aug 31 12:55:24 CEST 2007 - mkoenig@suse.de + +- fixed another directory traversal vulnerability, CVE-2001-1267, + CVE-2002-0399, [#29973] + +------------------------------------------------------------------- New: ---- tar-1.15.1-CVE-2001-1267.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tar.spec ++++++ --- /var/tmp/diff_new_pack.B23036/_old 2007-08-31 16:02:39.000000000 +0200 +++ /var/tmp/diff_new_pack.B23036/_new 2007-08-31 16:02:39.000000000 +0200 @@ -19,7 +19,7 @@ PreReq: %install_info_prereq Autoreqprov: on Version: 1.17 -Release: 13 +Release: 17 Summary: GNU implementation of tar ((t)ape (ar)chiver) Source0: %name-%version.tar.bz2 Patch0: tar-disable_languages.patch @@ -27,6 +27,7 @@ Patch2: tar-manpage.patch Patch3: tar-1.17-testsuite12.patch Patch4: tar-1.17-paxlib-owl-alloca.patch +Patch5: tar-1.15.1-CVE-2001-1267.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %define _bindir /bin @@ -67,6 +68,7 @@ %patch2 -p1 %patch3 %patch4 +%patch5 -p0 %build rm -f po/no.* po/ky.* @@ -108,6 +110,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Aug 31 2007 - mkoenig@suse.de +- fixed another directory traversal vulnerability, CVE-2001-1267, + CVE-2002-0399, [#29973] * Mon Aug 20 2007 - mkoenig@suse.de - use correct patch for paxlib stack overflow [#301416] * Fri Aug 17 2007 - lmichnovic@suse.cz ++++++ tar-1.15.1-CVE-2001-1267.patch ++++++ --- src/names.c +++ src/names.c 
@@ -1152,11 +1152,10 @@ if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2])) return 1; - do + while (! ISSLASH (*p)) { if (! *p++) return 0; } - while (! ISSLASH (*p)); } } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
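Review bot: in the src/names.c hunk at -1152, the new `while (! ISSLASH (*p))` loop does not move p when p already points at a slash, so both termination and the re-check of the next component depend on the enclosing loop stepping p past that slash, and that loop header is outside the visible context. Please confirm the enclosing loop increments p, and add a short comment stating that the `p[0] == '.' && p[1] == '.'` test must run at the first character after every slash. The removed do/while always consumed at least one character before testing for a slash, so a regression test with names where ".." directly follows a slash that p is sitting on (a name beginning with a slash, or one with consecutive slashes) would pin the corrected behaviour.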
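Review bot: at `+Patch5: tar-1.15.1-CVE-2001-1267.patch` and `+%patch5 -p0` in tar.spec, the patch file name carries 1.15.1 while the spec declares `Version: 1.17`; please confirm the hunk applies to the 1.17 src/names.c without fuzz or offset, and consider renaming the file to the version it is applied to, as Patch3 and Patch4 do. The file name also mentions only CVE-2001-1267, while the changelog entry credits CVE-2002-0399 as well.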
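Review bot: the new tar.changes entry (repeated in the %changelog section of tar.spec) says only "fixed another directory traversal vulnerability" and does not name the patch file or the code it touches. Add the patch name tar-1.15.1-CVE-2001-1267.patch and a few words on what changed (the ".." component check in src/names.c), so the entry can be matched to the fix without opening the diff.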
participants (1)
-
root@Hilbert.suse.de