oss-security January 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE request: patch directory tr

Re: [oss-security] CVE request: patch directory traversal flaw

From: Steve Beattie <steve_at_nospam>
Date: Thu Jan 06 2011 - 18:40:38 GMT
To: oss-security@lists.openwall.com

On Wed, Jan 05, 2011 at 02:54:57PM -0700, Vincent Danen wrote:
> We got a heads up on a directory traversal flaw in patch. I don't think
> a CVE name has been assigned to it; could we get one? It allows for the
> creation of arbitrary files in unexpected places due to the use of '..'.
>
> References:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=667529
> http://osdir.com/ml/bug-patch-gnu/2010-12/msg00000.html
>
> Thanks.

I believe the Debian security team assigned CVE-2010-1679 for this
issue.

-- Steve Beattie <sbeattie@ubuntu.com> http://NxNW.org/~steve/