NEWS: The security fix in 5.6.3 is known as CVE-2024-47611

Lasse Collin 2025-01-23 11:40:46 +02:00
parent a04b9dd0c7
commit b3af3297e4
No known key found for this signature in database
GPG Key ID: 38EE757D69184620
1 changed files with 3 additions and 1 deletions

NEWS

@ -5,7 +5,8 @@ XZ Utils Release Notes
5.6.3 (2024-10-01) 5.6.3 (2024-10-01)
IMPORTANT: This includes a Windows-specific security fix to IMPORTANT: This includes a Windows-specific security fix to
the command line tools. liblzma isn't affected by this issue. the command line tools (CVE-2024-47611). liblzma isn't affected
by this issue.
* liblzma: * liblzma:
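Review bot: in the IMPORTANT paragraph the identifier is attached to "the command line tools", so it reads as a label for the tools rather than for the fix. Consider placing it next to the noun it identifies, for example "a Windows-specific security fix (CVE-2024-47611) to the command line tools", so that "this issue" in the following sentence has an unambiguous antecedent.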
@ -55,6 +56,7 @@ XZ Utils Release Notes
which can be exploited with malicious filenames to do which can be exploited with malicious filenames to do
argument injection or directory traversal attacks. argument injection or directory traversal attacks.
UTF-8 avoids best-fit mappings and thus fixes the issue. UTF-8 avoids best-fit mappings and thus fixes the issue.
(CVE-2024-47611)
Forcing the process code page to UTF-8 is possible only Forcing the process code page to UTF-8 is possible only
on Windows 10 version 1903 and later. The command line on Windows 10 version 1903 and later. The command line
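Review bot: the standalone "(CVE-2024-47611)" line comes after the closing period of "UTF-8 avoids best-fit mappings and thus fixes the issue.", so it is not tied to any sentence and lands on the mitigation rather than on the description of the flaw ("argument injection or directory traversal attacks"). Folding it into one of those sentences would read more cleanly and match the inline placement used in the 5.6.3 summary paragraph at the top of the file.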