pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New cabextract 1.6 release

Hello all,

cabextract 1.6 has been released.

It fixes CVE-2015-2060, a directory traversal vulnerability.
  • A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to an absolute path instead of the current directory. [Debian bug #778753]
  • Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute files and "../" directory traversals and can get its files extracted to any path.
cabextract can be downloaded from

SHA256 sums:

2ba2f538813c24dfd76866e21b137844420f79a363aece6dc4a7ac98dc24ee6b  cabextract-1.6-1.i386.rpm
559ce33d97c02c8bde0b57396c553535dd004dfb0cbd917f0e75706d5e7b3d67  cabextract-1.6-1.src.rpm
cee661b56555350d26943c5e127fc75dd290b7f75689d5ebc1f04957c4af55fb  cabextract-1.6.tar.gz


Home | Main Index | Thread Index | Old Index