java/115558: linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
Ronald Klop
ronald-freebsd8 at klop.yi.org
Wed Aug 15 14:10:07 PDT 2007
The following reply was made to PR ports/115558; it has been noted by GNATS.
From: "Ronald Klop" <ronald-freebsd8 at klop.yi.org>
To: "Greg Lewis" <glewis at eyesbeyond.com>
Cc: "FreeBSD gnats submit" <FreeBSD-gnats-submit at freebsd.org>
Subject: Re: java/115558: linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
Date: Wed, 15 Aug 2007 23:00:24 +0200
On Wed, 15 Aug 2007 22:41:51 +0200, Greg Lewis <glewis at eyesbeyond.com>
wrote:
> The problem is, I think it's still vulnerable:
>
> laptop> ls /tmp/test
> ls: /tmp/test: No such file or directory
> laptop> pwd
> /tmp/jar_test
> laptop> jar tf bad.jar
> META-INF/
> META-INF/MANIFEST.MF
> java-rmi.cgi
> ../../../../../../../../../../../../../../tmp/test
> laptop> /usr/local/linux-sun-jdk1.6.0/bin/jar xf bad.jar
> laptop> ls /tmp/test
> /tmp/test
> laptop> rm -f /tmp/test
> laptop> /usr/local/jdk1.6.0/bin/jar xf bad.jar
> ignoring entry ../../../../../../../../../../../../../../tmp/test
> laptop> ls /tmp/test
> ls: /tmp/test: No such file or directory
> laptop>
>
Then please close my PR. Thanks for testing this better than I did.
Ronald.
--
Ronald Klop
Amsterdam, The Netherlands
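
An added example, not part of the original message and not code from either JDK's jar tool: a Python check that lists the archive entries which would be written outside the extraction directory, the condition behind the "ignoring entry" line in the session quoted above. The function names and the in-memory sample jar are constructed for illustration; the entry names are copied from the `jar tf` listing.

```python
import io
import os
import zipfile


def unsafe_entries(archive, dest):
    """Return entry names that would be written outside dest on extraction."""
    root = os.path.realpath(dest)
    bad = []
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            # Treat backslashes as separators too; some archivers write them.
            normalized = name.replace("\\", "/")
            # Resolve "..", "." and symlinks to see where the entry would land.
            target = os.path.realpath(os.path.join(root, normalized))
            inside = target == root or target.startswith(root + os.sep)
            if os.path.isabs(normalized) or not inside:
                bad.append(name)
    return bad


def build_sample_jar():
    """Constructed sample: an in-memory jar with the entry names from the listing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/", "")
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("java-rmi.cgi", "")
        zf.writestr("../../../../../../../../../../../../../../tmp/test", "")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Same working directory as the quoted session.
    for name in unsafe_entries(build_sample_jar(), "/tmp/jar_test"):
        print("ignoring entry", name)
```

Running the check before `jar xf` gives the same protection on a JDK whose extractor does not skip such entries.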