cvs commit: ports/java/jdk13/filespatch-j2sdk1.3.1-jar-Main.java
patch-j2sdk1.3.1-resources-jar.properties
Remko Lodder
remko at FreeBSD.org
Thu Apr 28 00:27:40 PDT 2005
Greg Lewis wrote:
> glewis 2005-04-27 20:31:33 UTC
>
> FreeBSD ports repository
>
> Added files:
> java/jdk13/files patch-j2sdk1.3.1-jar-Main.java
> patch-j2sdk1.3.1-resources-jar.properties
> Log:
> . Ensure that when files are extracted that their fully resolved path lies
> in or below the current working directory. Fixes a security problem with
> jar(1).
>
> This fix may change to be compatible with whatever fix Sun applies when
> they release the next version of 1.5.
>
> Revision Changes Path
> 1.1 +56 -0 ports/java/jdk13/files/patch-j2sdk1.3.1-jar-Main.java (new)
> 1.1 +11 -0 ports/java/jdk13/files/patch-j2sdk1.3.1-resources-jar.properties (new)
Thanks for fixing the vulnerability. Could you please add it the
next time to your commit? The portmgr team gave as a guideline:
Security: CAN-<whatever>
Security: http://vuxml.FreeBSD.org/<id>
etc.
Oh and perhaps you can mention in your commit that this did not
solve the browser plugin vulnerability.
Thanks!
--
Kind regards,
Remko Lodder ** remko at elvandar.org
Reporter DSINET ** remko at DSINet.org
Founder Tienervaders ** remko at tienervaders.org
FreeBSD Documentation Project ** remko at FreeBSD.org
More information about the cvs-all
mailing list