Date: Wed, 15 Aug 2007 21:10:07 GMT
From: "Ronald Klop" <ronald-freebsd8@klop.yi.org>
To: freebsd-java@FreeBSD.org
Subject: Re: java/115558: linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
Message-ID: <200708152110.l7FLA7OR085313@freefall.freebsd.org>
The following reply was made to PR ports/115558; it has been noted by GNATS.

From: "Ronald Klop" <ronald-freebsd8@klop.yi.org>
To: "Greg Lewis" <glewis@eyesbeyond.com>
Cc: "FreeBSD gnats submit" <FreeBSD-gnats-submit@freebsd.org>
Subject: Re: java/115558: linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
Date: Wed, 15 Aug 2007 23:00:24 +0200

On Wed, 15 Aug 2007 22:41:51 +0200, Greg Lewis <glewis@eyesbeyond.com> wrote:

> The problem is, I think it's still vulnerable:
>
> laptop> ls /tmp/test
> ls: /tmp/test: No such file or directory
> laptop> pwd
> /tmp/jar_test
> laptop> jar tf bad.jar
> META-INF/
> META-INF/MANIFEST.MF
> java-rmi.cgi
> ../../../../../../../../../../../../../../tmp/test
> laptop> /usr/local/linux-sun-jdk1.6.0/bin/jar xf bad.jar
> laptop> ls /tmp/test
> /tmp/test
> laptop> rm -f /tmp/test
> laptop> /usr/local/jdk1.6.0/bin/jar xf bad.jar
> ignoring entry ../../../../../../../../../../../../../../tmp/test
> laptop> ls /tmp/test
> ls: /tmp/test: No such file or directory
> laptop>
>

Then please close my PR. Thanks for testing this better than I did.

Ronald.

--
 Ronald Klop
 Amsterdam, The Netherlands
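Added example, not part of the original message or of either JDK: a pre-extraction check that lists a jar's entries and reports any whose resolved path would fall outside the destination directory, which is the condition the native jdk1.6.0 `jar` reports as "ignoring entry" in the quoted session. The function names and the in-memory sample archive are assumptions made for illustration; the entry names are taken from the `jar tf bad.jar` listing above.

```python
import io
import os
import zipfile

# Entry names as shown by `jar tf bad.jar` in the quoted session.
SAMPLE_NAMES = [
    "META-INF/",
    "META-INF/MANIFEST.MF",
    "java-rmi.cgi",
    "../../../../../../../../../../../../../../tmp/test",
]


def escaping_entries(names, dest):
    """Return the entry names that would be written outside dest."""
    root = os.path.realpath(dest)
    flagged = []
    for name in names:
        # An absolute name makes os.path.join discard root, and ".."
        # segments are collapsed by realpath; both leave root.
        target = os.path.realpath(os.path.join(root, name))
        if os.path.commonpath([root, target]) != root:
            flagged.append(name)
    return flagged


def audit_jar(jar, dest):
    """jar is a path or file object; entries are listed, never extracted."""
    with zipfile.ZipFile(jar) as zf:
        return escaping_entries(zf.namelist(), dest)


def sample_jar():
    """Constructed in-memory archive with empty entries named as above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_NAMES:
            zf.writestr(name, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name in audit_jar(sample_jar(), "/tmp/jar_test"):
        print("would escape destination:", name)
```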