[SCM] Git repository for devscripts branch, squeeze, updated. v2.10.69+squeeze3-5-gab3e4a4
James McCoy
jamessan at debian.org
Sat Sep 15 19:42:42 UTC 2012
The following commit has been merged in the squeeze branch:
commit 79d27778321f7bb778097cfb7a724ae976fb4fbd
Author: Adam D. Barratt <adam at adam-barratt.org.uk>
Date: Fri Sep 14 12:37:26 2012 -0500
dget: fix arbitrary file deletion (CVE-2012-2241)
Reviewed-by: Raphael Geissert <geissert at debian.org>
Signed-off-by: Raphael Geissert <geissert at debian.org>
Signed-off-by: James McCoy <jamessan at debian.org>
diff --git a/scripts/dget.pl b/scripts/dget.pl
index c2ffe9a..c2495b2 100755
--- a/scripts/dget.pl
+++ b/scripts/dget.pl
@@ -229,7 +229,10 @@ sub parse_file {
open $fh, $file or die "$file: $!";
while (<$fh>) {
if (/^ ([0-9a-f]{32}) (?:\S+ )*(\S+)$/) {
- get_file($dir, $2, $1) or return;
+ my ($_sum, $_file) = ($1, $2);
+ $_file !~ m,[/\x00],
+ or die "File name contains invalid characters: $_file";
+ get_file($dir, $_file, $_sum) or return;
}
}
close $fh;
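Review bot: The new test `$_file !~ m,[/\x00],` rejects only `/` and NUL, so a checksum line whose name field is `.` or `..` still reaches `get_file($dir, $_file, $_sum)`; I would reject those two names in the same test, since neither can name a regular file. The `die` message also interpolates `$_file` unmodified, and `(\S+)` admits non-whitespace control bytes, so the rejected name is better escaped or printed in a quoted form before it goes to the terminal. A one-line comment stating that names read from `$file` are untrusted would explain why this path dies while a failed `get_file` only returns.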
--
Git repository for devscripts