Bug#449544: CVE-2007-4829 directory traversal vulnerability

Nico Golde nion at debian.org
Tue Nov 6 14:01:41 UTC 2007


Package: libarchive-tar-perl
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libarchive-tar-perl.

CVE-2007-4829[0]:
| Directory traversal vulnerability in the Archive::Tar Perl module 1.36
| and earlier allows user-assisted remote attackers to overwrite
| arbitrary files via a TAR archive that contains a file whose name is
| an absolute path or has ".." sequences.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4829

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20071106/8f3adfae/attachment.pgp 


More information about the pkg-perl-maintainers mailing list