pkgsrc-Changes archive
CVS commit: pkgsrc/archivers/cabextract
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Mar 27 16:49:55 UTC 2015
Modified Files:
pkgsrc/archivers/cabextract: Makefile distinfo
Removed Files:
pkgsrc/archivers/cabextract/patches: patch-mspack_system.h
Log Message:
SECURITY: Update cabextract to 1.6.
It fixes CVE-2015-2060, a directory traversal vulnerability.
A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to
an absolute path instead of the current directory. [Debian bug #778753]
Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute
files and "../" directory traversals and can get its files extracted to any
path.
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/archivers/cabextract/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/archivers/cabextract/distinfo
cvs rdiff -u -r1.2 -r0 \
pkgsrc/archivers/cabextract/patches/patch-mspack_system.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
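
The two filename problems named in the log message (overlong UTF-8 forms of "/" and mixed "/" and "\" separators) can be checked as in the following added example, which is not cabextract or pkgsrc code. It assumes member names arrive as NUL-terminated UTF-8 strings; `decode_strict` and `member_name_is_safe` are hypothetical names, and drive-letter prefixes are not handled.

```c
#include <stdint.h>
#include <string.h>

/* Decode one UTF-8 sequence starting at s[*i] (caller guarantees *i < n).
 * Returns the code point, or -1 if the sequence is truncated, malformed,
 * overlong, a surrogate, or above U+10FFFF. */
static long decode_strict(const unsigned char *s, size_t n, size_t *i)
{
    /* Smallest code point that legitimately needs 1, 2 or 3 extra bytes. */
    static const uint32_t min_cp[4] = { 0, 0x80, 0x800, 0x10000 };
    unsigned char b = s[(*i)++];
    uint32_t cp;
    int extra;
    if (b < 0x80) return b;
    if ((b & 0xE0) == 0xC0)      { cp = b & 0x1F; extra = 1; }
    else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; extra = 2; }
    else if ((b & 0xF8) == 0xF0) { cp = b & 0x07; extra = 3; }
    else return -1;                      /* stray continuation byte or 0xF8+ */

    for (int k = 0; k < extra; k++) {
        if (*i >= n || (s[*i] & 0xC0) != 0x80) return -1;
        cp = (cp << 6) | (s[(*i)++] & 0x3F);
    }
    if (cp < min_cp[extra]) return -1;   /* overlong form, e.g. C0 AF for "/" */
    if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return -1;
    return (long)cp;
}

/* Hypothetical helper: 1 if the member name may be extracted below the
 * current directory, 0 if it must be rejected. */
int member_name_is_safe(const char *name)
{
    const unsigned char *s = (const unsigned char *)name;
    size_t n = strlen(name), i = 0, comp_len = 0, dots = 0;
    while (i < n) {
        size_t start = i;
        long cp = decode_strict(s, n, &i);
        if (cp < 0) return 0;                         /* not strict UTF-8 */
        if (cp == '/' || cp == '\\') {                /* both are separators */
            if (start == 0) return 0;                 /* absolute path */
            if (comp_len == 2 && dots == 2) return 0; /* ".." component */
            comp_len = dots = 0;
        } else {
            comp_len++;
            if (cp == '.') dots++;
        }
    }
    return n > 0 && !(comp_len == 2 && dots == 2);
}
```

Decoding strictly before looking for separators is what makes the later comparisons against "/" and "\" reliable; a lenient decoder would map the overlong bytes to "/" only after the check had already passed.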