Change History (4)
follow-up: 3 comment:1 by , 8 years ago
comment:2 by , 8 years ago
| Owner: | changed from to |
|---|---|
| Priority: | normal → high |
| Status: | new → assigned |
| Type: | enhancement → defect |
Fixes CVE-2017-13089 CVE-2017-13090 CVE-2017-6508 - following the links for the first two of those, if you connect to a malicious server it can execute arbitrary code on your machine. The last allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
comment:3 by , 8 years ago
Replying to renodr:
HEADS UP - the tarball format changed. *.tar.xz is no longer available, it has to be *.tar.gz.
Correct. There is also a *.tar.lz - tar will try to use something called 'lzip' to process that, so not usable in BLFS.
Note:
See TracTickets
for help on using tickets.
HEADS UP - the tarball format changed. *.tar.xz is no longer available, it has to be *.tar.gz.