NEWS: The security fix in 5.6.3 is known as CVE-2024-47611

Lasse Collin 2025-01-23 11:40:46 +02:00
parent a04b9dd0c7
commit b3af3297e4
No known key found for this signature in database
GPG Key ID: 38EE757D69184620
1 changed files with 3 additions and 1 deletions

NEWS

@ -5,7 +5,8 @@ XZ Utils Release Notes
5.6.3 (2024-10-01)
IMPORTANT: This includes a Windows-specific security fix to
the command line tools. liblzma isn't affected by this issue.
the command line tools (CVE-2024-47611). liblzma isn't affected
by this issue.
* liblzma:
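Review bot: In the IMPORTANT paragraph of the 5.6.3 entry, the CVE ID is being added to release notes dated 2024-10-01 by a commit dated 2025-01-23, so a copy of NEWS that predates this commit will not carry the ID. Consider also mentioning CVE-2024-47611 in the notes of the next release, pointing back to 5.6.3, so that readers who only read the newest entry can map the ID to the fixed version.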
@ -55,6 +56,7 @@ XZ Utils Release Notes
which can be exploited with malicious filenames to do
argument injection or directory traversal attacks.
UTF-8 avoids best-fit mappings and thus fixes the issue.
(CVE-2024-47611)
Forcing the process code page to UTF-8 is possible only
on Windows 10 version 1903 and later. The command line
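Review bot: The standalone "(CVE-2024-47611)" line sits directly after "UTF-8 avoids best-fit mappings and thus fixes the issue." and directly before the paragraph saying that forcing the process code page to UTF-8 is possible only on Windows 10 version 1903 and later, so a reader can take it to mean the CVE is fixed on every Windows version. Consider moving the ID up to the sentence that describes the argument injection and directory traversal, or stating next to the ID which Windows versions the fix covers.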