develooper Front page | perl.perl5.porters | Postings from September 2018

[perl #133250] CVE-2018-12015: Archive::Tar: directory traversal

From:
Tony Cook via RT
Date:
September 24, 2018 05:19
Subject:
[perl #133250] CVE-2018-12015: Archive::Tar: directory traversal
Message ID:
rt-4.0.24-13297-1537766382-449.133250-15-0@perl.org
On Fri, 21 Sep 2018 03:04:18 -0700, arc wrote:
> tonyc wrote:
> > Since this issue is public, given two other votes I'll apply it
> > immediately to maint-5.26 and make this ticket public.
> 
> I can't see an entry in the votes file, but please take this as my
> vote to merge to maint-5.26.

Yeah, there's no corresponding commit in blead, since that included the full
upstream release rather than just the CVE fix.

Applied as d0130b8d46dabdeb571fff8bbc3a791f4ea1f28c.

Leaving this open until 5.26.next is released.

Tony

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=133250



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About