[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: [PATCH 0/1] CVE-2023-39810 fix proposal
From: Peter Kaestle <peter.kaestle () nokia ! com>
Date: 2024-04-29 11:14:09
Message-ID: 20240429111410.1430555-1-peter.kaestle () nokia ! com
[Download RAW message or body]
Hello busybox community,
as I haven't seen much ongoin about the path traversal problem of
CVE-2023-39810, I spent some time on it and want to share a poposal how
it could be mitigated.
Happy to see some comments on my proposal.
Thank you very much and best regards
--peter;
Peter Kaestle (1):
archival: new option to disallow path traversals
archival/Config.src | 7 +++++++
archival/libarchive/data_extract_all.c | 22 ++++++++++++++++++++++
testsuite/cpio.tests | 18 ++++++++++++++++++
3 files changed, 47 insertions(+)
--
2.44.0
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic