Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote malicious users to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
Debian Bug report logs -
#774978
pigz: CVE-2015-1191: directory traversal vulnerability
Package:
pigz;
Maintainer for pigz is Eduard Bloch <blade@debianorg>; Source for pigz is src:pigz (PTS, buildd, popcon)
Reported by: Alexander Cherepanov <cherepan@mccmeru>
Date: Fri, 9 Jan 2015 16:42:02 UTC
Severity: normal
T ...
Multiple directory traversal vulnerabilities in pigz 231 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) (dot dot) in an archive ...
Vulmon