[v3.0] p7zip: remote directory traversal flaw (CVE-2015-1038)
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
References:
•MLIST:[oss-security] 20150111 Re: CVE request for directory traversal
flaw in p7zip
•URL: http://www.openwall.com/lists/oss-security/2015/01/11/2
•MISC: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660
•MISC: https://bugzilla.redhat.com/show\_bug.cgi?id=1179505
•BID:71890
•URL: http://www.securityfocus.com/bid/71890
•XF:p7zip-cve20151038-symlink(99970)
•URL: http://xforce.iss.net/xforce/xfdb/99970
(from redmine: issue id 3830, created on 2015-01-29, closed on 2017-09-05)
- Relations:
- parent #3827