* Fix symlink handling (LP: #1753572)
- debian/patches/CVE-2011-5325-2.patch: re-enable patch.
- debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks
with "suspicious" targets in archival/libarchive/data_extract_all.c,
archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
include/bb_archive.h, testsuite/tar.tests.
- debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
the same way tar/unzip does in archival/cpio.c.
- debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
archival/libarchive/get_header_ar.c.
This bug was fixed in the package busybox - 1:1.27.2-2ubuntu4
---------------
busybox (1:1.27.2-2ubuntu4) cosmic; urgency=medium
* Fix symlink handling (LP: #1753572)
- debian/patches/CVE-2011-5325-2.patch: re-enable patch.
- debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks
with "suspicious" targets in archival/libarchive/data_extract_all.c,
archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
include/bb_archive.h, testsuite/tar.tests.
- debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
the same way tar/unzip does in archival/cpio.c.
- debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
archival/libarchive/get_header_ar.c.
-- Marc Deslauriers <email address hidden> Mon, 09 Jul 2018 10:25:24 -0400