* SECURITY UPDATE: Directory traversal via relative paths in unsquashfs
(LP: #1941790)
- debian/patches/0003-CVE-2021-40153.patch:
Treat squashfs images which contain files with names containing
constructs like ../ as corrupted in unsquash-N.c
- CVE-2021-40153
-- Alex Murray <email address hidden> Fri, 27 Aug 2021 14:54:27 +0930
This bug was fixed in the package squashfs-tools - 1:4.4-2ubuntu0.1
---------------
squashfs-tools (1:4.4-2ubuntu0.1) hirsute-security; urgency=medium
* SECURITY UPDATE: Directory traversal via relative paths in unsquashfs patches/ 0003-CVE- 2021-40153. patch:
(LP: #1941790)
- debian/
Treat squashfs images which contain files with names containing
constructs like ../ as corrupted in unsquash-N.c
- CVE-2021-40153
-- Alex Murray <email address hidden> Fri, 27 Aug 2021 14:54:27 +0930