diff options
author | bsiegert <bsiegert> | 2015-03-27 16:49:55 +0000 |
---|---|---|
committer | bsiegert <bsiegert> | 2015-03-27 16:49:55 +0000 |
commit | 1a512f04134552a20910204990381a7841ec9c0e (patch) | |
tree | 36dd045c140ad47d20c49288139eb08887685838 /archivers/cabextract/distinfo | |
parent | a64db0fbd5d60a1f48230d3ca732d86de38db886 (diff) | |
download | pkgsrc-1a512f04134552a20910204990381a7841ec9c0e.tar.gz |
SECURITY: Update cabextract to 1.6.
It fixes CVE-2015-2060, a directory traversal vulnerability.
A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to
an absolute path instead of the current directory. [Debian bug #778753]
Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute
files and "../" directory traversals and can get its files extracted to any
path.
Diffstat (limited to 'archivers/cabextract/distinfo')
-rw-r--r-- | archivers/cabextract/distinfo | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/archivers/cabextract/distinfo b/archivers/cabextract/distinfo index 3ba254e2193..23516792b70 100644 --- a/archivers/cabextract/distinfo +++ b/archivers/cabextract/distinfo @@ -1,6 +1,5 @@ -$NetBSD: distinfo,v 1.14 2015/01/29 13:28:28 wiz Exp $ +$NetBSD: distinfo,v 1.15 2015/03/27 16:49:55 bsiegert Exp $ -SHA1 (cabextract-1.5.tar.gz) = 7ddb31072590a807bef09234f46f940e1ba51067 -RMD160 (cabextract-1.5.tar.gz) = a1f673aee26b13911eba14fca3b892f8f9cad501 -Size (cabextract-1.5.tar.gz) = 241010 bytes -SHA1 (patch-mspack_system.h) = e997f6ea664e8fbf7b03ff9fb10fb8adc06d8779 +SHA1 (cabextract-1.6.tar.gz) = 64f6d5056d3e417a943648c23cb22218b7079ced +RMD160 (cabextract-1.6.tar.gz) = 6b693c30aa4d6821b5e83b63a8dc9d58968268b7 +Size (cabextract-1.6.tar.gz) = 241731 bytes |