Date: Sat, 14 May 2016 12:50:08 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 207965] [nanobsd] regression during disk image build after CVE-2015-2304 fix/libarchive 3.2.0 update Message-ID: <bug-207965-8-eq1nBhOj3J@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-207965-8@https.bugs.freebsd.org/bugzilla/> References: <bug-207965-8@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D207965 --- Comment #2 from Jason Unovitch <junovitch@freebsd.org> --- Created attachment 170272 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D170272&action= =3Dedit add --insecure to cpio calls Use --insecure to on cpio(1) calls As of libarchive-3.2.0, extraction to absolute paths is considered an insec= ure behavior to address CVE-2015-2304. The --insecure flag must to used to all= ow extraction to absolute paths. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-207965-8-eq1nBhOj3J>