Date: Wed, 6 Dec 2006 09:18:02 +0000 (UTC) From: Colin Percival <cperciva@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src UPDATING src/contrib/tar/src common.h extract.c tar.c src/sys/conf newvers.sh src/sys/dev/firewire fwdev.c Message-ID: <200612060918.kB69I23e041314@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
cperciva 2006-12-06 09:18:02 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_4_11)
. UPDATING
contrib/tar/src common.h extract.c tar.c
sys/conf newvers.sh
sys/dev/firewire fwdev.c
Log:
Correct a signedness bug which allowed members of the operator
group to read kernel memory. [1]
Disable handling of GNUTYPE_NAMES tar file entries by default,
since they can be used to extract files outside of the cwd. [2]
Security: FreeBSD-SA-06:25.kmem [1]
Security: FreeBSD-SA-06:26.gtar [2]
Approved by: so (cperciva)
Revision Changes Path
1.73.2.91.2.27 +7 -0 src/UPDATING
1.2.2.1.10.1 +4 -1 src/contrib/tar/src/common.h
1.4.2.3.8.1 +8 -2 src/contrib/tar/src/extract.c
1.2.2.2.6.1 +9 -1 src/contrib/tar/src/tar.c
1.44.2.39.2.30 +1 -1 src/sys/conf/newvers.sh
1.2.4.16.4.1 +1 -1 src/sys/dev/firewire/fwdev.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612060918.kB69I23e041314>