tech-pkg archive

Re: nasty patches in pkgsrc regarding CVE-2010-4651: relative paths with ../



On 7/3/26 12:31 PM, Dr. Thomas Orgis wrote:
> Thoughts? As it seems to me, anyone could claim that the BSD patch is
> vulnerable to CVE-2010-4651, if I'm not missing something here.
> Apologies in that case;-)

Just because someone decides something is a problem doesn't mean others have to agree. I'd argue that in the world of curlsh, relative paths with .. components are the least of our problems.

Joerg

