Comment 5 for bug 540575

This bug was fixed in the package fastjar - 2:0.98-1ubuntu0.10.04.1

---------------
fastjar (2:0.98-1ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: directory traversal vulnerabilities (LP: #540575)
    - jartool.c (extract_jar): Fix up checks for traversal to parent
      directories, disallow absolute paths, make the code slightly more
      efficient. (patch from trunk)
    - CVE-2010-0831
  * Additional patches from the trunk:
    - jartool.c (read_entries): Properly zero-terminate filename.
    - jartool.c (add_file_to_jar): Fix write return value check.
 -- Marc Deslauriers <email address hidden> Fri, 18 Jun 2010 08:20:03 -0400