pkgsrc-Changes archive


CVS commit: pkgsrc/archivers/cabextract



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri Mar 27 16:49:55 UTC 2015

Modified Files:
        pkgsrc/archivers/cabextract: Makefile distinfo
Removed Files:
        pkgsrc/archivers/cabextract/patches: patch-mspack_system.h

Log Message:
SECURITY: Update cabextract to 1.6.

It fixes CVE-2015-2060, a directory traversal vulnerability.
A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to
an absolute path instead of the current directory. [Debian bug #778753]
Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute
files and "../" directory traversals and can get its files extracted to any
path.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/archivers/cabextract/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/archivers/cabextract/distinfo
cvs rdiff -u -r1.2 -r0 \
    pkgsrc/archivers/cabextract/patches/patch-mspack_system.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



