[Touch-packages] [Bug 1638922] [NEW] tar : CVE-2016-6321 not patched in stable

Public bug reported: CVE-2016-6321 path name extract bypass vulnerability is not patched in stable releases of yakkety, xenial and other supported releases. The maintainer appears to have only pushed the patch to zesty proposed. Please push the patch for the stable releases as this bug could

[Touch-packages] [Bug 1638922] Re: [needs-packaging] tar : CVE-2016-6321 not patched in stable

I removed the needs-packaging tag. Wasn't aware that it is only for new packages. ** Tags removed: needs-packaging -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tar in Ubuntu. https://bugs.launchpad.net/bugs/1638922

[Touch-packages] [Bug 1974196] Re: Installing libudev1 on a new Jammy installation uninstalls many packages.

We have tested the proposed patched version 2.4.7 against the current release version 2.4.5 posted at the above launchpad link via bug reproduction and general package installation process via standard cli and via python bindings and have no adverse observations. We have also tested against a