| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes directory traversal vulnerability via symlinks
Initial report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
Upstream report:
https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d
* src/copyin.c (get_link_name): New function.
(list_file, copyin_link): use get_link_name
* tests/symlink-bad-length.at: New file.
* tests/symlink-long.at: New file.
* tests/Makefile.am: Add new files.
* tests/testsuite.at: Likewise.
See http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
Upstream-Status: Backport
Signed-off-by: Sergey Poznyakoff <gray@gnu.org.ua>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
| |
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
|
|
Migrated from the internal git server on the daisy-enea branch
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|