[Bug 8411] tar: directory traversal via crafted tar file which contains a symlink pointing outside of the current directory

bugzilla at busybox.net bugzilla at busybox.net
Thu Aug 10 09:57:40 UTC 2017


https://bugs.busybox.net/show_bug.cgi?id=8411

Denys Vlasenko <vda.linux at googlemail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #17 from Denys Vlasenko <vda.linux at googlemail.com> ---
Fixed in git:

commit bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7
Author: Denys Vlasenko <vda.linux at googlemail.com>
Date:   Thu Aug 10 11:52:42 2017 +0200

    libarchive: do not extract unsafe symlinks unless
$EXTRACT_UNSAFE_SYMLINKS=1

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the busybox-cvs mailing list