© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
I've attached a fix for both issues. I've tested the fix thoroughly, confirmed it does not break functionality, and made sure it resolves the vulnerability, even when doing all sorts of tricks with "." and ".." entries in the path of a file added to a .jar archive.