Comment 3 for bug 1941790

Launchpad Janitor (janitor) wrote:

This bug was fixed in the package squashfs-tools - 1:4.4-2ubuntu0.1

---------------
squashfs-tools (1:4.4-2ubuntu0.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: Directory traversal via relative paths in unsquashfs
    (LP: #1941790)
    - debian/patches/0003-CVE-2021-40153.patch:
      Treat squashfs images which contain files with names containing
      constructs like ../ as corrupted in unsquash-N.c
    - CVE-2021-40153

 -- Alex Murray <email address hidden> Fri, 27 Aug 2021 14:54:27 +0930