Date: Wed, 15 Apr 2015 09:55:49 +0200
From: Moritz Muehlenhoff <>
Subject: Re: jar(1) -- directory traversal

On Fri, Jan 16, 2015 at 06:03:55AM +0300, Alexander Cherepanov wrote:
> Hi!
> jar(1) in Debian jessie (openjdk-7-jdk 7u71-2.5.3-2) is susceptible to a
> directory traversal vulnerability via absolute and relative paths. Other
> distros could also be interested in this issue.
> Initial report:
> Not sure if this is just CVE-2005-1080 not fixed or something else. But
> please note that CVE-2005-1080 talks about .. only.
> Debian security team forwarded the report to Oracle Security Team at
> 2015-01-12 11:01 +0100. Thanks!

This appears to have been fixed in the recent Java CPU and was assigned

