Subject: CVS commit: pkgsrc/archivers/cabextract
From: Benny Siegert
Date: 2015-03-27 17:49:55
Message id: 20150327164955.ADFC598@cvs.netbsd.org

Log Message:
SECURITY: Update cabextract to 1.6.

It fixes CVE-2015-2060, a directory traversal vulnerability.
A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to
an absolute path instead of the current directory. [Debian bug #778753]
Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute
files and "../" directory traversals and can get its files extracted to any
path.

Files:
Revision  Action  File
1.27      modify  pkgsrc/archivers/cabextract/Makefile
1.15      modify  pkgsrc/archivers/cabextract/distinfo
1.2       remove  pkgsrc/archivers/cabextract/patches/patch-mspack_system.h
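
The two problems named in the log message (overlong UTF-8 encodings of "/", and mixed "/" and "\" separators) both come down to checking a member name in a different form from the one that is finally used as a path. The C code below is an added example, not cabextract's code and not part of this commit: it decodes the name strictly and runs the absolute-path and ".." checks on the decoded code points. The function names utf8_decode_strict and member_name_is_safe and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Strictly decode one UTF-8 sequence: returns bytes consumed, or 0 if it is
 * truncated, malformed, overlong, a surrogate or above U+10FFFF. */
static size_t utf8_decode_strict(const unsigned char *s, size_t n, uint32_t *cp)
{
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 }; /* smallest value per length */
    size_t len, i;
    uint32_t c;
    if (n == 0) return 0;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    if ((s[0] & 0xE0) == 0xC0)      { len = 2; c = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { len = 3; c = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { len = 4; c = s[0] & 0x07; }
    else return 0;                          /* stray continuation or invalid lead byte */
    if (n < len) return 0;
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        c = (c << 6) | (s[i] & 0x3F);
    }
    if (c < min_cp[len]) return 0;          /* overlong, e.g. C0 AF for "/" */
    if (c > 0x10FFFF || (c >= 0xD800 && c <= 0xDFFF)) return 0;
    *cp = c;
    return len;
}

/* 1 if the member name stays below the current directory, else 0. Checks run
 * on decoded code points; both "/" and "\" count as separators. */
int member_name_is_safe(const unsigned char *name, size_t n)
{
    size_t i = 0, used, comp_len = 0, dots = 0;
    uint32_t cp;
    for (; i < n; i += used) {
        used = utf8_decode_strict(name + i, n - i, &cp);
        if (used == 0 || cp == 0) return 0;  /* invalid encoding or NUL */
        if (cp != '/' && cp != '\\') { comp_len++; dots += (cp == '.'); continue; }
        if (i == 0) return 0;                /* leading separator: absolute path */
        if (comp_len == 2 && dots == 2) return 0;   /* ".." component */
        comp_len = dots = 0;
    }
    return n != 0 && !(comp_len == 2 && dots == 2); /* empty name or trailing ".." */
}

int main(void)
{
    static const unsigned char name[] = { 0xC0, 0xAF, 'e', 't', 'c' }; /* constructed sample */
    return member_name_is_safe(name, sizeof name);  /* exit status 0: name rejected */
}
```

This check is deliberately narrow: it does not handle drive letters, symlinks already present in the destination, or platform-specific reserved names.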