mirror of
https://github.com/motioneye-project/motioneyeos.git
synced 2025-04-20 05:17:17 +00:00
c0ce796f57
Fixes the following security issues: - CVE-2019-8320: Delete directory using symlink when decompressing tar - CVE-2019-8321: Escape sequence injection vulnerability in verbose - CVE-2019-8322: Escape sequence injection vulnerability in gem owner - CVE-2019-8323: Escape sequence injection vulnerability in API response handling - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution - CVE-2019-8325: Escape sequence injection vulnerability in errors Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 900982313786d3537417f18251732ab7dca95553) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>