Bug 1598068 - security issue: reposync follows remotely-provided relative paths including ../
Summary: security issue: reposync follows remotely-provided relative paths including ../
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: dnf-plugins-core
Version: 29
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Marek Blaha
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 1552328 CVE-2018-10897
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-07-04 09:16 UTC by Marek Blaha
Modified: 2019-04-04 11:44 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1552328
Environment:
Last Closed: 2019-04-04 11:44:32 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Comment 1 Jan Kurik 2018-08-14 10:53:26 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle.
Changing version to '29'.
Note You need to log in before you can comment on or make changes to this bug.