develooper Front page | perl.perl5.porters | Postings from September 2018

[perl #133250] CVE-2018-12015: Archive::Tar: directory traversal

Tony Cook via RT
September 24, 2018 05:19
[perl #133250] CVE-2018-12015: Archive::Tar: directory traversal
Message ID:
On Fri, 21 Sep 2018 03:04:18 -0700, arc wrote:
> tonyc wrote:
> > Since this issue is public, given two other votes I'll apply it
> > immediately to maint-5.26 and make this ticket public.
> I can't see an entry in the votes file, but please take this as my
> vote to merge to maint-5.26.

Yeah, there's no corresponding commit in blead, since that included the full
upstream release rather than just the CVE fix.

Applied as d0130b8d46dabdeb571fff8bbc3a791f4ea1f28c.

Leaving this open until is released.


via perlbug:  queue: perl5 status: open Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About