File: [cvs.NetBSD.org] / pkgsrc / archivers / cabextract / Makefile (download)
Revision 1.27, Fri Mar 27 16:49:55 2015 UTC (9 years ago) by bsiegert
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1 Changes since 1.26: +2 -2
lines
SECURITY: Update cabextract to 1.6.
It fixes CVE-2015-2060, a directory traversal vulnerability.
A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to
an absolute path instead of the current directory. [Debian bug #778753]
Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute
files and "../" directory traversals and can get its files extracted to any
path.
|