pidgin/pidgin
Fix a bug in the untar code that we use on Windows where we
weren't stripping the drive letter from the path of files in the
tar archive, which could allow a malicious tar file to overwrite
arbitrary files on the file system.
Thanks to Yves Younan of Sourcefire VRT for discovering this and
reporting it to us.
weren't stripping the drive letter from the path of files in the
tar archive, which could allow a malicious tar file to overwrite
arbitrary files on the file system.
Thanks to Yves Younan of Sourcefire VRT for discovering this and
reporting it to us.