[Buildroot] [PATCH] perl: add upstream security fix for CVE-2018-12015
Peter Korsgaard
peter at korsgaard.com
Sun Jun 17 15:55:21 UTC 2018
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes CVE-2018-12015 - In Perl through 5.26.2, the Archive::Tar module
> allows remote attackers to bypass a directory-traversal protection
> mechanism, and overwrite arbitrary files, via an archive file containing a
> symlink and a regular file with the same name.
> Patch from
> https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
> with path rewritten to match perl tarball.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list