Date: Wed, 15 Aug 2007 21:20:07 GMT
From: Greg Lewis <glewis@eyesbeyond.com>
To: freebsd-java@FreeBSD.org
Subject: Re: java/115558: linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
Message-ID: <200708152120.l7FLK7bO085579@freefall.freebsd.org>

The following reply was made to PR ports/115558; it has been noted by GNATS.

From: Greg Lewis <glewis@eyesbeyond.com>
To: Ronald Klop <ronald-freebsd8@klop.yi.org>
Cc: FreeBSD gnats submit <FreeBSD-gnats-submit@freebsd.org>
Subject: Re: java/115558: linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
Date: Wed, 15 Aug 2007 13:41:51 -0700

 The problem is, I think it's still vulnerable:

 laptop> ls /tmp/test
 ls: /tmp/test: No such file or directory
 laptop> pwd
 /tmp/jar_test
 laptop> jar tf bad.jar
 META-INF/
 META-INF/MANIFEST.MF
 java-rmi.cgi
 ../../../../../../../../../../../../../../tmp/test
 laptop> /usr/local/linux-sun-jdk1.6.0/bin/jar xf bad.jar
 laptop> ls /tmp/test
 /tmp/test
 laptop> rm -f /tmp/test
 laptop> /usr/local/jdk1.6.0/bin/jar xf bad.jar
 ignoring entry ../../../../../../../../../../../../../../tmp/test
 laptop> ls /tmp/test
 ls: /tmp/test: No such file or directory
 laptop>

 --
 Greg Lewis                          Email   : glewis@eyesbeyond.com
 Eyes Beyond                         Web     : http://www.eyesbeyond.com
 Information Technology              FreeBSD : glewis@FreeBSD.org
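
The check that separates the two jar runs in the session above (one writes /tmp/test, the other prints "ignoring entry") can be reproduced by normalising each entry name before extraction. This is an added example, not part of the original message and not the JDK's code; the archive is constructed in memory with the entry names from the listing, and the function names are hypothetical.

```python
import io
import posixpath
import zipfile

# Constructed traversal entry modelled on the one in the listing.
TRAVERSAL_ENTRY = "../" * 14 + "tmp/test"


def build_sample_jar() -> bytes:
    """Build a constructed archive (a jar is a zip file) entirely in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/", "")
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("java-rmi.cgi", "placeholder\n")
        zf.writestr(TRAVERSAL_ENTRY, "placeholder\n")
    return buf.getvalue()


def escapes_target(name: str) -> bool:
    """True if extracting `name` would land outside the extraction directory."""
    # Treat backslashes as separators so "..\\x" is caught as well.
    norm = posixpath.normpath(name.replace("\\", "/"))
    # Absolute paths and anything that still begins with ".." after
    # normalisation resolve outside the directory being extracted into.
    return norm.startswith("/") or norm == ".." or norm.startswith("../")


def audit_jar(data: bytes):
    """Split entry names into (kept, ignored) without writing anything to disk."""
    kept, ignored = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            (ignored if escapes_target(name) else kept).append(name)
    return kept, ignored


if __name__ == "__main__":
    kept, ignored = audit_jar(build_sample_jar())
    for name in ignored:
        print("ignoring entry", name)
    for name in kept:
        print("would extract ", name)
```

Running the same audit over archives before they are handed to an extractor of unknown vintage also gives a quick way to flag files like bad.jar.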