Bug #27002 :: Filename manipulation vulnerabilities (CVE-2020-28948 / CVE-2020-28949)

Package home | Report new bug | New search | Development Roadmap

Status: Open | Feedback | All | Closed Since Version 1.5.0

Bug #27002	Filename manipulation vulnerabilities (CVE-2020-28948 / CVE-2020-28949)
Submitted:	2020-11-19 22:04 UTC
From:	mrook	Assigned:	mrook
Status:	Closed	Package:	Archive_Tar (version 1.4.10)
PHP Version:	Irrelevant	OS:
Roadmaps:	1.4.11
Subscription	Your email:

Comments Add Comment Add patch

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem : 9 + 37 = ?

[2020-11-19 22:04 UTC] mrook (Michiel Rook)

Description:
------------
See:

* https://github.com/pear/Archive_Tar/issues/33
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949

Comments

[2020-11-19 22:06 UTC] mrook (Michiel Rook)

-Status:      Open
+Status:      Closed
-Assigned To:
+Assigned To: mrook
Thank you for your bug report. This issue has been fixed
in the latest released version of the package, which you can download at
http://pear.php.net/get/