From: Paul Eggert
Subject: Re: [Bug-tar] possible fixes for CVE-2016-6321
Date: Sat, 29 Oct 2016 21:19:09 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

I don't view this as a serious bug, as the tar manual has long said that you should extract untrusted tarballs only into empty directories, and doing that forestalls the attack even without this patch. (There are other reasons for this longstanding recommendation.)
0001-When-extracting-skip-.-members.patch
Description: Text Data