This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
Re: Directory traversal in `ar`
- From: Alexander Cherepanov <cherepan at mccme dot ru>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Wed, 07 Jan 2015 17:11:51 +0300
- Subject: Re: Directory traversal in `ar`
On 2015-01-05 22:16, Alexander Cherepanov wrote:
> On 2014-12-30 01:17, Alexander Cherepanov wrote:
>> On 2014-12-29 03:00, Mark Wielaard wrote:
>>>>> BTW. For patches we require people to follow the guidelines in the
>>>>> CONTRIBUTING file (in particular we require a Signed-off-by line):
>>>>> https://git.fedorahosted.org/cgit/elfutils.git/tree/CONTRIBUTING
>>>>
>>>> Sorry, a better patch attached.
>>>
>>> The patch looks perfect and I agree with your analysis.
>>> Pushed as is to master.
>>
>> Cook, thanks!
>
> Hm, s/Cook/Cool/
>
>> CVE request is here:
>> http://www.openwall.com/lists/oss-security/2014/12/29/2
>
> CVE-2014-9486 is assigned here:
> http://www.openwall.com/lists/oss-security/2015/01/03/9
Hm, two CVEs were erroneously issued for this issue and CVE-2014-9486
was REJECTed in the end. The right one is CVE-2014-9447.
http://www.openwall.com/lists/oss-security/2015/01/07/3
--
Alexander Cherepanov