Patch CVE-2007-4559 #1113

Closed
phargogh opened this issue Nov 8, 2022 · 0 comments · Fixed by #1114
Labels: bug (Something isn't working), in progress (This issue is actively being worked on)

Comments

phargogh (Member) commented Nov 8, 2022

The Trellix security team submitted a patch for CVE-2007-4559 in #1099, which we declined for some good reasons.

After thinking about this, I think it would actually be very wise for us to patch this exactly because of our use of tarfiles in datastacks. The intent of a datastack archive is to allow someone to share their data with us, and a maliciously-constructed datastack archive would be a very easy way to take advantage. So we might as well patch it, even if just in case.
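The check this issue asks for, as an added example that is not the invest project's own fix from #1114: before extracting a datastack archive, walk every member and refuse the whole archive if any entry would resolve outside the destination directory, which is the CVE-2007-4559 pattern. Function names and the constructed sample archive are mine; on Python 3.12+ (and patched 3.8 to 3.11 releases) `extractall(filter="data")` provides the same protection in the standard library.

```python
import io
import os
import tarfile

def _is_within(base: str, target: str) -> bool:
    """True if target, once normalised, still lies under base."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def unsafe_members(archive: tarfile.TarFile, dest: str) -> list:
    """Names of members an unchecked extractall() would write outside dest:
    '../' or absolute names, links whose target escapes dest, device nodes."""
    bad = []
    for m in archive.getmembers():
        path = os.path.join(dest, m.name)
        # Symlink targets resolve from the link's directory, hardlinks from dest.
        link_base = os.path.dirname(path) if m.issym() else dest
        if (not _is_within(dest, path) or m.isdev()
                or (m.issym() or m.islnk())
                and not _is_within(dest, os.path.join(link_base, m.linkname))):
            bad.append(m.name)
    return bad

def unsafe_members_in_bytes(data: bytes, dest: str) -> list:
    """Same check over an in-memory archive (used by the sample below)."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as archive:
        return unsafe_members(archive, dest)

def safe_extractall(archive: tarfile.TarFile, dest: str) -> None:
    """Refuse the whole archive if any member fails the check."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"refusing to extract, unsafe members: {bad}")
    archive.extractall(dest)

def build_sample_archive(entries) -> bytes:
    """Constructed test archive; entries are (name, symlink_target_or_None)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in entries:
            info = tarfile.TarInfo(name=name)
            if target is None:
                info.size = 1
                tar.addfile(info, io.BytesIO(b"x"))
            else:
                info.type, info.linkname = tarfile.SYMTYPE, target
                tar.addfile(info)
    return buf.getvalue()
```

The whole member list is checked before anything is written, so a later entry cannot rely on a directory or link created by an earlier one.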

@phargogh phargogh added bug Something isn't working in progress This issue is actively being worked on labels Nov 8, 2022
@phargogh phargogh self-assigned this Nov 8, 2022
phargogh added a commit to phargogh/invest that referenced this issue Nov 8, 2022