Change History (4)
follow-up: 3 comment:1 by , 7 years ago
comment:2 by , 7 years ago
Owner: | changed from | to
---|---|
Priority: | normal → high |
Status: | new → assigned |
Type: | enhancement → defect |
Fixes CVE-2017-13089 CVE-2017-13090 CVE-2017-6508 - following the links for the first two of those, if you connect to a malicious server it can execute arbitrary code on your machine. The last allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
comment:3 by , 7 years ago
Replying to renodr:
HEADS UP - the tarball format changed. *.tar.xz is no longer available, it has to be *.tar.gz.
Correct. There is also a *.tar.lz - tar will try to use something called 'lzip' to process that, so not usable in BLFS.
Note:
See TracTickets
for help on using tickets.
HEADS UP - the tarball format changed. *.tar.xz is no longer available, it has to be *.tar.gz.