Red Hat Bugzilla – Bug 225552
CVE-2006-3619 Directory traversal issue in jar
Last modified: 2007-11-30 17:07:10 EST
+++ This bug was initially created as a clone of Bug #198912 +++
When unpacking a .JAR archive with filenames with "../../../...." in it,
"fastjar" from GCC will happily unpack in the "../../../...." directory.
(Credits go to Juergen Weigert for finding this.)
The GCC bug report can be found here:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.