oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

jar(1) -- directory traversal

From: Alexander Cherepanov <ch3root () openwall com>
Date: Fri, 16 Jan 2015 06:03:55 +0300
Hi!
jar(1) in Debian jessie (openjdk-7-jdk 7u71-2.5.3-2) is susceptible to a directory traversal vulnerability via absolute and relative paths. Other distros could also be interested in this issue. 

Initial report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774953

Not sure if this is just CVE-2005-1080 not fixed or something else. But
please note that CVE-2005-1080 talks about .. only.
Debian security team forwarded the report to Oracle Security Team at 2015-01-12 11:01 +0100. Thanks! 

--
Alexander Cherepanov
Previous By Date Next
Previous By Thread Next

Current thread: