SECURITY: Update cabextract to 1.6.

It fixes CVE-2015-2060, a directory traversal vulnerability. A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to an absolute path instead of the current directory. [Debian bug #778753] Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute files and "../" directory traversals and can get its files extracted to any path.
author: bsiegert <bsiegert> 2015-03-27 16:49:55 +0000
committer: bsiegert <bsiegert> 2015-03-27 16:49:55 +0000
commit: 1a512f04134552a20910204990381a7841ec9c0e (patch)
tree: 36dd045c140ad47d20c49288139eb08887685838 /archivers/cabextract/distinfo
parent: a64db0fbd5d60a1f48230d3ca732d86de38db886 (diff)
download: pkgsrc-1a512f04134552a20910204990381a7841ec9c0e.tar.gz
1 files changed, 4 insertions, 5 deletions
diff --git a/archivers/cabextract/distinfo b/archivers/cabextract/distinfo
index 3ba254e2193..23516792b70 100644
--- a/archivers/cabextract/distinfo
+++ b/archivers/cabextract/distinfo
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.14 2015/01/29 13:28:28 wiz Exp $
+$NetBSD: distinfo,v 1.15 2015/03/27 16:49:55 bsiegert Exp $
 
-SHA1 (cabextract-1.5.tar.gz) = 7ddb31072590a807bef09234f46f940e1ba51067
-RMD160 (cabextract-1.5.tar.gz) = a1f673aee26b13911eba14fca3b892f8f9cad501
-Size (cabextract-1.5.tar.gz) = 241010 bytes
-SHA1 (patch-mspack_system.h) = e997f6ea664e8fbf7b03ff9fb10fb8adc06d8779
+SHA1 (cabextract-1.6.tar.gz) = 64f6d5056d3e417a943648c23cb22218b7079ced
+RMD160 (cabextract-1.6.tar.gz) = 6b693c30aa4d6821b5e83b63a8dc9d58968268b7
+Size (cabextract-1.6.tar.gz) = 241731 bytes
author	bsiegert <bsiegert>	2015-03-27 16:49:55 +0000
committer	bsiegert <bsiegert>	2015-03-27 16:49:55 +0000
commit	1a512f04134552a20910204990381a7841ec9c0e (patch)
tree	36dd045c140ad47d20c49288139eb08887685838 /archivers/cabextract/distinfo
parent	a64db0fbd5d60a1f48230d3ca732d86de38db886 (diff)
download	pkgsrc-1a512f04134552a20910204990381a7841ec9c0e.tar.gz