tar : CVE-2016-6321 not patched in stable
Bug #1638922 reported by
vishnunaini
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tar (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned | ||
Bug Description
CVE-2016-6321 path name extract bypass vulnerability is not patched in stable releases of yakkety, xenial and other supported releases.
The maintainer appears to have only pushed the patch to zesty proposed.
Please push the patch for the stable releases as this bug could have seroius implications in certain environments.
Upstream debian has already pushed the patch to stable.
http://
https:/
CVE References
Revision history for this message
| Brian Murray (brian-murray) wrote | #1 |
| summary: |
- tar : CVE-2016-6321 not patched in stable + [needs-packaging] tar : CVE-2016-6321 not patched in stable |
| Changed in tar (Ubuntu): | |
| importance: | Undecided → Wishlist |
Revision history for this message
| vishnunaini (visred) wrote Re: [needs-packaging] tar : CVE-2016-6321 not patched in stable | #2 |
| tags: | removed: needs-packaging |
Revision history for this message
| vishnunaini (visred) wrote | #3 |
| Changed in tar (Ubuntu): | |
| status: | New → Fix Committed |
| status: | Fix Committed → Fix Released |
| summary: |
- [needs-packaging] tar : CVE-2016-6321 not patched in stable + tar : CVE-2016-6321 not patched in stable |
To post a comment you must log in.
*** This is an automated message ***
This bug is tagged needs-packaging which identifies it as a request for a new package in Ubuntu. As a part of the managing needs-packaging bug reports specification, https:/