Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 24 Jan 2017 12:15:48 -0500
From: Max Veytsman <>
Subject: CVE request: rubygem minitar: directory traversal vulnerability

Rubygem minitar allows attackers to overwrite arbitrary files during
archive extraction via a .. (dot dot) in an extracted filename.


Upstream patch:

The same issue exists in rubygem archive-tar-minitar

I believe they're based on the same codebase, and minitar is the officially
supported fork, so I'm not sure if this warrants two CVEs or just one.

Max Veytsman
@mveytsman <>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ