root/xz
1
0
Fork 0
mirror of https://git.tukaani.org/xz.git synced 2025-03-02 14:40:40 +00:00
Code Issues Releases Wiki Activity

NEWS: The security fix in 5.6.3 is known as CVE-2024-47611

Browse Source 
(cherry picked from commit b3af3297e4d6cf0eafb48155aa97bb06c82a9228)
This commit is contained in:
Lasse Collin 2025-01-23 11:40:46 +02:00
parent 9295008837
commit 608dec5bc6
No known key found for this signature in database
GPG Key ID: 38EE757D69184620
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@ -5,7 +5,8 @@ XZ Utils Release Notes
5.6.3 (2024-10-01) 5.6.3 (2024-10-01)
IMPORTANT: This includes a Windows-specific security fix to IMPORTANT: This includes a Windows-specific security fix to
the command line tools. liblzma isn't affected by this issue. the command line tools (CVE-2024-47611). liblzma isn't affected
by this issue.
* liblzma: * liblzma:
@ -55,6 +56,7 @@ XZ Utils Release Notes
which can be exploited with malicious filenames to do which can be exploited with malicious filenames to do
argument injection or directory traversal attacks. argument injection or directory traversal attacks.
UTF-8 avoids best-fit mappings and thus fixes the issue. UTF-8 avoids best-fit mappings and thus fixes the issue.
(CVE-2024-47611)
Forcing the process code page to UTF-8 is possible only Forcing the process code page to UTF-8 is possible only
on Windows 10 version 1903 and later. The command line on Windows 10 version 1903 and later. The command line