[Buildroot] [PATCH] perl: add upstream security fix for CVE-2018-12015

Peter Korsgaard peter at korsgaard.com
Sun Jun 17 15:55:21 UTC 2018


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes CVE-2018-12015 - In Perl through 5.26.2, the Archive::Tar module
 > allows remote attackers to bypass a directory-traversal protection
 > mechanism, and overwrite arbitrary files, via an archive file containing a
 > symlink and a regular file with the same name.

 > Patch from
 > https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
 > with path rewritten to match perl tarball.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2018.02.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list