-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2010-06-18 08:37:54 UTC
-
mfrom:
(4.1.2 hardy-proposed)
-
Revision ID:
james.westby@ubuntu.com-20100618083754-8vi7ppfmygc1y2yo
Tags: 2:0.95-1ubuntu2.1
* SECURITY UPDATE: directory traversal vulnerabilities (LP: #540575)
- jartool.c (extract_jar): Fix up checks for traversal to parent
directories, disallow absolute paths, make the code slightly more
efficient. (patch from trunk)
- CVE-2010-0831
* Additional patches from the trunk:
- jartool.c (read_entries): Properly zero-terminate filename.