oss-sec mailing list archives
Re: CVE request: patch directory traversal flaw
From: Steve Beattie <steve () nxnw org>
Date: Thu, 6 Jan 2011 10:40:38 -0800
On Wed, Jan 05, 2011 at 02:54:57PM -0700, Vincent Danen wrote:
We got a heads up on a directory traversal flaw in patch. I don't think a CVE name has been assigned to it; could we get one? It allows for the creation of arbitrary files in unexpected places due to the use of '..'. References: https://bugzilla.redhat.com/show_bug.cgi?id=667529 http://osdir.com/ml/bug-patch-gnu/2010-12/msg00000.html Thanks.
I believe the Debian security team assigned CVE-2010-1679 for this issue. -- Steve Beattie <sbeattie () ubuntu com> http://NxNW.org/~steve/
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request: patch directory traversal flaw Vincent Danen (Jan 05)
- Re: CVE request: patch directory traversal flaw Dan Rosenberg (Jan 05)
- Re: CVE request: patch directory traversal flaw Vincent Danen (Jan 05)
- Re: CVE request: patch directory traversal flaw Steve Beattie (Jan 06)
- Re: CVE request: patch directory traversal flaw Raphael Geissert (Jan 06)
- Re: CVE request: patch directory traversal flaw Josh Bressers (Jan 06)
- Re: CVE request: patch directory traversal flaw Vasiliy Kulikov (Jan 26)
- Re: CVE request: patch directory traversal flaw Vasiliy Kulikov (Feb 18)
- Re: CVE request: patch directory traversal flaw Raphael Geissert (Jan 06)
- Re: CVE request: patch directory traversal flaw Dan Rosenberg (Jan 05)