Subject: CVS commit: pkgsrc/archivers/cabextract
From: Benny Siegert
Date: 2015-03-27 17:49:55
Message id: 20150327164955.ADFC598@cvs.netbsd.org
Log Message:
SECURITY: Update cabextract to 1.6.
It fixes CVE-2015-2060, a directory traversal vulnerability.
A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to
an absolute path instead of the current directory. [Debian bug #778753]
Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute
files and "../" directory traversals and can get its files extracted to any
path.
Files: