oss-sec mailing list archives

Re: CVE request: patch directory traversal flaw


From: Steve Beattie <steve () nxnw org>
Date: Thu, 6 Jan 2011 10:40:38 -0800

On Wed, Jan 05, 2011 at 02:54:57PM -0700, Vincent Danen wrote:
> We got a heads up on a directory traversal flaw in patch.  I don't think
> a CVE name has been assigned to it; could we get one?  It allows for the
> creation of arbitrary files in unexpected places due to the use of '..'.
>
> References:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=667529
> http://osdir.com/ml/bug-patch-gnu/2010-12/msg00000.html
>
> Thanks.

I believe the Debian security team assigned CVE-2010-1679 for this
issue.

-- 
Steve Beattie
<sbeattie () ubuntu com>
http://NxNW.org/~steve/
