Multiple directory traversals, symlink vulnerabilities and arbitrary file overwrite vulnerabilities in custom upload publishing code
Bug #529710 reported by William Grant
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Launchpad itself | Fix Released | High | Julian Edwards | |
Bug Description
The custom upload publishing code in lib/lp/
I've successfully clobbered a couple of files around my system with a local PPA upload.
Also, the various custom upload types have some bad sanitisation in their handlers. The versions, components etc. parsed from filenames are not sanitised.
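The validation the description says was missing can be sketched as follows. This is an added example, not Launchpad's code and not part of the original report; it assumes custom uploads are tarballs named `<type>_<version>_<arch>.tar.gz`, and that naming scheme and all function names are assumptions made for illustration.

```python
import io
import re
import tarfile

# Assumed naming scheme (not from the bug report): <type>_<version>_<arch>.tar.gz
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9.+~-]*")


def parse_upload_name(filename):
    """Split an upload filename, refusing components that could alter a path."""
    if not filename.endswith(".tar.gz"):
        raise ValueError("unexpected extension: %r" % filename)
    parts = filename[:-len(".tar.gz")].split("_")
    if len(parts) != 3 or not all(SAFE_COMPONENT.fullmatch(p) for p in parts):
        raise ValueError("unsafe filename component: %r" % filename)
    return tuple(parts)


def unsafe_path(path):
    """True for absolute paths and for any path with a '..' segment."""
    return path.startswith("/") or ".." in path.split("/")


def check_member(member):
    """Raise ValueError if a tar member could write outside the target dir."""
    if unsafe_path(member.name):
        raise ValueError("path escapes destination: %r" % member.name)
    if member.issym() or member.islnk():
        # Strict policy: link targets may only point downwards, so a later
        # member cannot be written through a link that leads out of the tree.
        if unsafe_path(member.linkname):
            raise ValueError("link escapes destination: %r" % member.name)
    elif not (member.isfile() or member.isdir()):
        raise ValueError("unsupported member type: %r" % member.name)


def rejected_members(tar_bytes):
    """Return the names of members that fail check_member, in archive order."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            try:
                check_member(member)
            except ValueError:
                bad.append(member.name)
    return bad
```

These checks are static, so extraction should still go into a freshly created directory where no symlink already on disk can redirect a write.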
Related branches
lp:~flacoste/launchpad/bug-529710 (Merged)
Changed in soyuz:
status: New → Triaged
importance: Undecided → High
milestone: none → 10.03
Changed in soyuz:
status: Triaged → In Progress
Changed in soyuz:
status: Fix Committed → Fix Released
milestone: 10.03 → 10.02
assignee: nobody → Julian Edwards (julian-edwards)
visibility: private → public
ARGH. Can you add some examples of what you did please?