Re: [oss-security] CVE request: patch directory traversal flaw

From: Steve Beattie <steve_at_nospam>
Date: Thu Jan 06 2011 - 18:40:38 GMT
To: oss-security@lists.openwall.com

On Wed, Jan 05, 2011 at 02:54:57PM -0700, Vincent Danen wrote:
> We got a heads up on a directory traversal flaw in patch. I don't think
> a CVE name has been assigned to it; could we get one? It allows for the
> creation of arbitrary files in unexpected places due to the use of '..'.
>
> References:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=667529
> http://osdir.com/ml/bug-patch-gnu/2010-12/msg00000.html
>
> Thanks.

I believe the Debian security team assigned CVE-2010-1679 for this
issue.

-- Steve Beattie <sbeattie@ubuntu.com> http://NxNW.org/~steve/

This message: [ Message body ]
Next message: Josh Bressers: "Re: [oss-security] CVE request: hastymail before 1.01 XSS"
Previous message: Nelson Elhage: "Re: [oss-security] CVE-NONE kernel: PHONET signedness issue"
In reply to: Vincent Danen: "[oss-security] CVE request: patch directory traversal flaw"
Next in thread: Raphael Geissert: "[oss-security] Re: CVE request: patch directory traversal flaw"
Reply: Raphael Geissert: "[oss-security] Re: CVE request: patch directory traversal flaw"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]