* SECURITY UPDATE: fix privilege escalation via crafted data.tar.gz that
can be used to install alternate security policy than what is defined
- click/install.py: Forbid installing packages with data tarball members
whose names do not start with "./". Patch thanks to Colin Watson.
- CVE-2015-XXXX
- LP: #1506467
This bug was fixed in the package click - 0.4.39. 1+15.10. 20150702- 0ubuntu2
--------------- 1+15.10. 20150702- 0ubuntu2) wily; urgency=medium
click (0.4.39.
* SECURITY UPDATE: fix privilege escalation via crafted data.tar.gz that
can be used to install alternate security policy than what is defined
- click/install.py: Forbid installing packages with data tarball members
whose names do not start with "./". Patch thanks to Colin Watson.
- CVE-2015-XXXX
- LP: #1506467
-- Jamie Strandboge <email address hidden> Thu, 15 Oct 2015 09:16:17 -0500