Date: Thu, 31 Oct 2002 16:58:00 -0800 (PST)
From: Tony Finch <fanf@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/usr.bin/uudecode uudecode.c
Message-ID: <200211010058.gA10w0kk037870@repoman.freebsd.org>

fanf 2002/10/31 16:58:00 PST
Modified files:
usr.bin/uudecode uudecode.c
Log:
Be much more paranoid about where uudecode writes its output, especially
when the filename comes from the untrusted input. This is a work-around
for careless people who don't routinely check the begin line of the file
or run uudecode -i and instead report "vulnerabilities" to CERT.
http://www.kb.cert.org/vuls/id/336083
Revision  Changes    Path
1.42      +36 -7     src/usr.bin/uudecode/uudecode.c
