This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug fastjar/28359] fastjar directory traversal problem
- From: "doko at gcc dot gnu dot org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 5 Aug 2006 09:43:10 -0000
- Subject: [Bug fastjar/28359] fastjar directory traversal problem
- References: <bug-28359-3760@http.gcc.gnu.org/bugzilla/>
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
------- Comment #17 from doko at gcc dot gnu dot org 2006-08-05 09:43 -------
Subject: Bug 28359
Author: doko
Date: Sat Aug 5 09:43:02 2006
New Revision: 115946
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=115946
Log:
PR fastjar/28359 / CVE-2006-3619
2006-07-17 Richard Guenther <rguenther@suse.de>
* jartool.c (extract_jar): Do not allow directory traversal
to parents of the extraction root.
Modified:
branches/gcc-4_0-branch/fastjar/ChangeLog
branches/gcc-4_0-branch/fastjar/jartool.c
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359