Re: [SECURITY] bug in contains_dot

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SECURITY] bug in contains_dot_dot routine

From:	Mark J Cox
Subject:	Re: [SECURITY] bug in contains_dot_dot routine
Date:	Tue, 28 May 2002 09:28:43 +0100 (BST)

> Thanks for the patch.  I doubt whether it suffices to close the hole,
> though.  The next test version of GNU tar will remove that code.

And replace it with a better check?

Do you have an ETA for this new version?  We want to release an update to
tar for our users to fix this issue and having the official patch would be
preferable.

Cheers, Mark
--
Mark J Cox / Red Hat / OpenSSL / Apache Software Foundation
address@hidden // T: +44 798 061 3110 // F: +44 870 1319174

[Prev in Thread]

Current Thread

[Next in Thread]

[SECURITY] bug in contains_dot_dot routine, Mark J Cox, 2002/05/27
- Re: [SECURITY] bug in contains_dot_dot routine, Paul Eggert, 2002/05/28
  - Re: [SECURITY] bug in contains_dot_dot routine, Mark J Cox <=
    - Re: [SECURITY] bug in contains_dot_dot routine, Paul Eggert, 2002/05/28
    - Re: [SECURITY] bug in contains_dot_dot routine, Mark J Cox, 2002/05/31

Prev by Date: GNU patch test version 2.5.6 released
Next by Date: Mortgage Rates Have Never Been Lower
Previous by thread: Re: [SECURITY] bug in contains_dot_dot routine
Next by thread: Re: [SECURITY] bug in contains_dot_dot routine
Index(es):
- Date
- Thread