This bug was fixed in the package fastjar - 2:0.98-1ubuntu0.9.10.1
--------------- fastjar (2:0.98-1ubuntu0.9.10.1) karmic-security; urgency=low
* SECURITY UPDATE: directory traversal vulnerabilities (LP: #540575) - jartool.c (extract_jar): Fix up checks for traversal to parent directories, disallow absolute paths, make the code slightly more efficient. (patch from trunk) - CVE-2010-0831 * Additional patches from the trunk: - jartool.c (read_entries): Properly zero-terminate filename. - jartool.c (add_file_to_jar): Fix write return value check. -- Marc Deslauriers <email address hidden> Fri, 18 Jun 2010 08:23:57 -0400
This bug was fixed in the package fastjar - 2:0.98- 1ubuntu0. 9.10.1
--------------- 1ubuntu0. 9.10.1) karmic-security; urgency=low
fastjar (2:0.98-
* SECURITY UPDATE: directory traversal vulnerabilities (LP: #540575)
- jartool.c (extract_jar): Fix up checks for traversal to parent
directories, disallow absolute paths, make the code slightly more
efficient. (patch from trunk)
- CVE-2010-0831
* Additional patches from the trunk:
- jartool.c (read_entries): Properly zero-terminate filename.
- jartool.c (add_file_to_jar): Fix write return value check.
-- Marc Deslauriers <email address hidden> Fri, 18 Jun 2010 08:23:57 -0400