The following reply was made to PR ports/115558; it has been
noted by GNATS.
From: "Ronald Klop" <ronald-freebsd8 klop.yi.org>
To: "Greg Lewis" <glewiseyesbeyond.com>
Cc: "FreeBSD gnats submit"
<FreeBSD-gnats-submitfreebsd.org>
Subject: Re: java/115558: linux-sun-jdk-1.6.0.02 is
incorrectly marked as vulnerable
Date: Wed, 15 Aug 2007 23:00:24 +0200
On Wed, 15 Aug 2007 22:41:51 +0200, Greg Lewis
<glewiseyesbeyond.com>
wrote:
> The problem is, I think its still vulnerable:
>
> laptop> ls /tmp/test
> ls: /tmp/test: No such file or directory
> laptop> pwd
> /tmp/jar_test
> laptop> jar tf bad.jar
> META-INF/
> META-INF/MANIFEST.MF
> java-rmi.cgi
> ../../../../../../../../../../../../../../tmp/test
> laptop> /usr/local/linux-sun-jdk1.6.0/bin/jar xf
bad.jar
> laptop> ls /tmp/test
> /tmp/test
> laptop> rm -f /tmp/test
> laptop> /usr/local/jdk1.6.0/bin/jar xf bad.jar
> ignoring entry
../../../../../../../../../../../../../../tmp/test
> laptop> ls /tmp/test
> ls: /tmp/test: No such file or directory
> laptop>
>
Then please close my PR. Thanks for testing this better
than I did.
Ronald.
--
Ronald Klop
Amsterdam, The Netherlands
_______________________________________________
freebsd-javafreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-java
To unsubscribe, send any mail to
"freebsd-java-unsubscribefreebsd.org"
|
