[Bug 207965] [nanobsd] regression during disk image build after CVE-2015-2304 fix/libarchive 3.2.0 update
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat May 14 12:50:08 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207965
--- Comment #2 from Jason Unovitch <junovitch at freebsd.org> ---
Created attachment 170272
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=170272&action=edit
add --insecure to cpio calls
Use --insecure to on cpio(1) calls
As of libarchive-3.2.0, extraction to absolute paths is considered an insecure
behavior to address CVE-2015-2304. The --insecure flag must to used to allow
extraction to absolute paths.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list