oss-sec mailing list archives

CVE request: pigz, kgb, pax: directory traversal

From: Thijs Kinkhorst <thijs () debian org>
Date: Mon, 12 Jan 2015 19:36:37 +0100

Hi,

Three additional cases of directory traversal in archiving utilities have been 
reported to Debian. Please assign a CVE id to each.

- pigz
  Report: https://bugs.debian.org/774978
  Fix: 
https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f

- kgb
  Report: https://bugs.debian.org/774989

- pax
  Report: https://bugs.debian.org/774716 and
      http://www.openwall.com/lists/oss-security/2015/01/07/5


Thanks,

Thijs Kinkhorst
Debian security team

Current thread:

CVE request: pigz, kgb, pax: directory traversal Thijs Kinkhorst (Jan 12)
- Re: CVE request: pigz, kgb, pax: directory traversal cve-assign (Jan 18)