Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-2900

The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name.

Related bugs and status

CVE-2013-2900 (Candidate) is related to these bugs:

Bug #1215361: Please update to 29.0.1547.57

Summary				In	Importance	Status
	1215361	Please update to 29.0.1547.57		chromium-browser (Ubuntu)	Medium	Fix Released

Bug #1223855: after opening webapps window and a normal window, normal window doesn't respond to Ctrl-T

Summary				In	Importance	Status
	1223855	after opening webapps window and a normal window, normal window doesn't respond to Ctrl-T		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://crbug.com/181617
CONFIRM: http://googlechromerel...
DEBIAN: DSA-2741
CONFIRM: https://src.chromium.o...
OVAL: oval:org.mitre.oval:de...