FS#43748 - [pigz][CVE-2015-1191] Vulnerability in pigz 2.3.1 please update to pigz 2.3.3
Attached to Project:
Community Packages
Opened by Christian Rebischke (Shibumi) - Monday, 09 February 2015, 04:54 GMT
Last edited by Jonathan Steel (jsteel) - Monday, 09 February 2015, 18:16 GMT
Opened by Christian Rebischke (Shibumi) - Monday, 09 February 2015, 04:54 GMT
Last edited by Jonathan Steel (jsteel) - Monday, 09 February 2015, 18:16 GMT
|
Details
Summary
======= The current version is vulnerable to CVE-2015-1191. Please update the package. Package version in upstream is 2.3.3 current package version is 2.3.1. Overview: Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. References ========== http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1191 |
This task depends upon
Closed by Jonathan Steel (jsteel)
Monday, 09 February 2015, 18:16 GMT
Reason for closing: None
Additional comments about closing: Updated
Monday, 09 February 2015, 18:16 GMT
Reason for closing: None
Additional comments about closing: Updated