Patch proposal to not apply symbolic links included in zip files.

Bug #1636207 reported by Gerard Wagener on 2016-10-24
This bug affects 1 person
Affects Status Importance Assigned to Milestone
unzip (Ubuntu)

Bug Description

Zip files might include symbolic links which could be abused by an attacker to escape from restricted directories and/or from restricted environments. The attached patch includes a command line option -g which does not apply the symbolic links when the zip file is extracted. In case a zip file includes a symbolic link, a file is created instead containing the target of the symbolic link.
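
The behaviour described in the report, sketched in Python as an added example: this is not the attached patch and not unzip's code. The function names and the sample archive are constructed for illustration, and the destination-path check is an extra safeguard the report does not mention.

```python
import io, os, stat, tempfile, zipfile

def is_symlink(info: zipfile.ZipInfo) -> bool:
    # Archives made on Unix keep st_mode in the high 16 bits of external_attr.
    return stat.S_ISLNK(info.external_attr >> 16)

def extract_without_symlinks(zf: zipfile.ZipFile, dest: str) -> dict:
    """Extract zf under dest. A symlink entry is written as a regular file
    holding the link target; returns {entry name: target} for those entries."""
    dest = os.path.realpath(dest)
    neutralised = {}
    for info in zf.infolist():
        out = os.path.realpath(os.path.join(dest, info.filename))
        # Extra check (assumption, not in the report): stay inside dest.
        if os.path.commonpath([dest, out]) != dest:
            raise ValueError(f"entry escapes destination: {info.filename!r}")
        if info.is_dir():
            os.makedirs(out, exist_ok=True)
            continue
        os.makedirs(os.path.dirname(out), exist_ok=True)
        data = zf.read(info)  # for a symlink entry this is the target path
        if is_symlink(info):
            neutralised[info.filename] = data.decode("utf-8", "replace")
        with open(out, "wb") as fh:  # always a plain file, never os.symlink()
            fh.write(data)
    return neutralised

def build_sample_zip() -> bytes:
    """Constructed sample: one regular file and one symlink entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello\n")
        link = zipfile.ZipInfo("escape")
        link.create_system = 3  # Unix
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "../../etc/passwd")
    return buf.getvalue()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        with zipfile.ZipFile(io.BytesIO(build_sample_zip())) as zf:
            for name, target in extract_without_symlinks(zf, d).items():
                print(f"{name}: symlink to {target!r} written as a regular file")
```

Because no link is ever created, a later entry whose path runs through an earlier symlink entry's name finds a regular file there and fails instead of being written through the link.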

Gerard Wagener (haegardev) wrote :

The attachment "do_not_apply_symlinks.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch