PublicDateAtUSN: 2010-05-25
Candidate: CVE-2010-0831
PublicDate: 2010-06-18 18:30:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0831
 https://ubuntu.com/security/notices/USN-953-1
Description:
 Directory traversal vulnerability in the extract_jar function in jartool.c
 in FastJar 0.98 allows remote attackers to create or overwrite arbitrary
 files via a .. (dot dot) in a non-initial pathname component in a filename
 within a .jar archive, a related issue to CVE-2005-1080.  NOTE: this
 vulnerability exists because of an incomplete fix for CVE-2006-3619.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/fastjar/+bug/540575
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_fastjar:
upstream_fastjar: needs-triage
dapper_fastjar: DNE
hardy_fastjar: released (2:0.95-1ubuntu2.1)
jaunty_fastjar: released (2:0.97-3ubuntu0.1)
karmic_fastjar: released (2:0.98-1ubuntu0.9.10.1)
lucid_fastjar: released (2:0.98-1ubuntu0.10.04.1)
devel_fastjar: released (2:0.98-3)