author: Peter Korsgaard <peter@korsgaard.com> 2019-02-11 23:22:02 +0100
committer: Peter Korsgaard <peter@korsgaard.com> 2019-02-12 21:27:35 +0100
commit: a83e30ad63e00d6c81a6409161c2d3010d98d373 (patch)
tree: e8bdf57af51a26a87ffe81f5316e97a082e9ce97 /configs/qemu_xtensa_lx60_nommu_defconfig
parent: 424a90241c07fd15cd1caadd707f751461cf11fc (diff)
utils/scanpypi: protect against zip-slip vulnerability in zip/tar handling

For details, see https://github.com/snyk/zip-slip-vulnerability

Older python versions do not validate that the extracted files are inside the target directory. Detect and error out on evil paths before extracting .zip / .tar file.

Given the scope of this (zip issue was fixed in python 2.7.4, released 2013-04-06, scanpypi is only used by a developer when adding a new python package), the security impact is fairly minimal, but it is good to get it fixed anyway.

Reported-by: Bas van Schaik <security-reports@semmle.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'configs/qemu_xtensa_lx60_nommu_defconfig')
0 files changed, 0 insertions, 0 deletions
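
The check the commit message describes (detect member paths that leave the target directory and error out before extracting), as an added Python example; it is not the code from this commit or from scanpypi. The names `escapes`, `checked_extract` and `make_archive` are hypothetical, the archives are constructed in memory, and rejecting tar link members goes beyond what the message mentions.

```python
import io
import os
import tarfile
import zipfile


def escapes(dest, name):
    """True if archive member `name` would resolve outside directory `dest`."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, name))
    return os.path.commonpath([root, target]) != root


def checked_extract(blob, dest):
    """Extract a .zip or .tar given as bytes, erroring out before any write."""
    buf = io.BytesIO(blob)
    if zipfile.is_zipfile(buf):
        archive = zipfile.ZipFile(buf)
        names, links = archive.namelist(), []
    else:
        buf.seek(0)
        archive = tarfile.open(fileobj=buf)
        members = archive.getmembers()
        names = [m.name for m in members]
        # Link members can redirect later writes; this example rejects them.
        links = [m.name for m in members if m.issym() or m.islnk()]
    with archive:
        evil = [n for n in names if escapes(dest, n)] + links
        if evil:
            raise ValueError("unsafe archive members: %r" % evil)
        archive.extractall(dest)
    return names


def make_archive(kind, names):
    """Constructed sample input: in-memory 'zip' or 'tar' with 4-byte files."""
    buf = io.BytesIO()
    if kind == "zip":
        with zipfile.ZipFile(buf, "w") as zf:
            for name in names:
                zf.writestr(name, b"data")
    else:
        with tarfile.open(fileobj=buf, mode="w") as tf:
            for name in names:
                info = tarfile.TarInfo(name)
                info.size = 4
                tf.addfile(info, io.BytesIO(b"data"))
    return buf.getvalue()
```

Because every member is validated before `extractall` runs, an archive with one bad entry leaves the target directory untouched instead of partially populated.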