Date:      Thu, 28 Apr 2005 09:27:37 +0200
From:      Remko Lodder <remko@FreeBSD.org>
To:        Greg Lewis <glewis@FreeBSD.org>
Cc:        ports-committers@FreeBSD.org
Subject:   Re: cvs commit: ports/java/jdk13/files patch-j2sdk1.3.1-jar-Main.java patch-j2sdk1.3.1-resources-jar.properties
Message-ID:  <42709069.5010703@FreeBSD.org>
In-Reply-To: <200504272031.j3RKVXdX057038@repoman.freebsd.org>
References:  <200504272031.j3RKVXdX057038@repoman.freebsd.org>

Greg Lewis wrote:
> glewis      2005-04-27 20:31:33 UTC
> 
>   FreeBSD ports repository
> 
>   Added files:
>     java/jdk13/files     patch-j2sdk1.3.1-jar-Main.java 
>                          patch-j2sdk1.3.1-resources-jar.properties 
>   Log:
>   . Ensure that when files are extracted that their fully resolved path lies
>     in or below the current working directory.  Fixes a security problem with
>     jar(1).
>   
>     This fix may change to be compatible with whatever fix Sun applies when
>     they release the next version of 1.5.
>   
>   Revision  Changes    Path
>   1.1       +56 -0     ports/java/jdk13/files/patch-j2sdk1.3.1-jar-Main.java (new)
>   1.1       +11 -0     ports/java/jdk13/files/patch-j2sdk1.3.1-resources-jar.properties (new)

Thanks for fixing the vulnerability. Could you please add it the
next time to your commit? The portmgr team gave as a guideline:

Security: CAN-<whatever>
Security: http://vuxml.FreeBSD.org/<id>
etc.

Oh and perhaps you can mention in your commit that this did not
solve the browser plugin vulnerability.

Thanks!

-- 
Kind regards,

      Remko Lodder  ** remko@elvandar.org
      Reporter DSINET  **  remko@DSINet.org
      Founder Tienervaders  ** remko@tienervaders.org
      FreeBSD Documentation Project  ** remko@FreeBSD.org
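
The check described in the quoted commit log (an extracted file's fully resolved path must lie in or below the current working directory), as an added example that is not part of the original message and is not the contents of the committed patch. The class and method names (ExtractPathCheck, safeTarget) and the entry names are constructed for illustration.

```java
import java.io.File;
import java.io.IOException;

// Added illustration; not the contents of patch-j2sdk1.3.1-jar-Main.java.
public class ExtractPathCheck {

    /**
     * Resolve an archive entry name against the extraction directory and
     * return the file to write, or throw if the resolved path escapes it.
     */
    static File safeTarget(File baseDir, String entryName) throws IOException {
        // getCanonicalFile() makes the path absolute and collapses "." and
        // ".." components, so the comparison below sees the real location.
        File base = baseDir.getCanonicalFile();
        File target = new File(base, entryName).getCanonicalFile();

        // Compare whole path components, not string prefixes: as strings,
        // "/tmp/out-other/x" starts with "/tmp/out" but is not below it.
        if (!target.toPath().startsWith(base.toPath())) {
            throw new IOException(
                "entry resolves outside extraction directory: " + entryName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Extraction directory: the current working directory, as in the log.
        File base = new File(System.getProperty("user.dir"));

        // Constructed entry names, as they might appear in an archive.
        String[] names = {
            "META-INF/MANIFEST.MF",   // ordinary entry
            "a/../b/C.class",         // contains ".." but stays below base
            "../outside.txt",         // climbs out of base
            "a/../../sibling/x.txt"   // climbs out after a detour
        };

        for (String name : names) {
            try {
                File target = safeTarget(base, name);
                System.out.println("extract " + name + " -> " + target);
            } catch (IOException e) {
                System.out.println("refuse  " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```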