[SECURITY] [DLA 564-1] tardiff security update

Package        : tardiff
Version        : 0.1-1+deb7u1
CVE ID         : CVE-2015-0857 CVE-2015-0858

Two vulnerabilities were found in tardiff:

CVE-2015-0857

    Arbitrary command execution was possible via shell metacharacters
    in the name of a (1) tar file or (2) file within a tar file.

CVE-2015-0858

    Local users could write to arbitrary files via a symlink attack on
    a pathname in a /tmp/tardiff-$$ temporary directory.

For Debian 7 "Wheezy", these problems have been fixed in version
0.1-1+deb7u1.

We recommend that you upgrade your tardiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
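
Added example (not tardiff's code, which this advisory does not show): hardened shell handling for the two bug classes above, with the work directory created by mktemp -d instead of a predictable /tmp/tardiff-$$ path, and archive and member names passed only as quoted arguments. The function names and the constructed file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not tardiff's code; function names are hypothetical.

# CVE-2015-0858 class: /tmp/tardiff-$$ is predictable (the PID), so another
# local user can create it first and plant symlinks inside. mktemp -d picks an
# unpredictable name and creates the directory atomically with mode 0700,
# failing instead of reusing anything that already exists.
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/tardiff.XXXXXXXXXX"
}

# CVE-2015-0857 class: archive and member names are untrusted data. Each one
# is passed as a single quoted argument; nothing is built into a string for
# eval, sh -c or backticks, so metacharacters in a name stay literal.
unpack_private() {   # $1 = archive path; prints the private directory
    up_dir=$(make_workdir) || return 1
    if tar -x -f "$1" -C "$up_dir"; then
        printf '%s\n' "$up_dir"
    else
        rm -rf -- "$up_dir"
        return 1
    fi
}

# Constructed input: an archive and a member whose names contain shell
# metacharacters. Prints "ok" when both were treated as plain names.
demo() (
    box=$(make_workdir) || exit 1
    cd "$box" || exit 1
    member='new$(touch marker).txt'
    archive='old;touch marker;.tar'
    : > "$member"
    tar -c -f "$archive" -- "$member"
    out=$(unpack_private "./$archive") || exit 1
    if [ -f "$out/$member" ] && [ ! -e marker ] && [ ! -e "$out/marker" ]; then
        echo ok
    else
        echo fail
    fi
    cd / && rm -rf -- "$box" "$out"
)

demo
```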