This was assigned CVE-2015-8768, see http://www.openwall.com/lists/oss-security/2016/01/12/8

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8768

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to click in Ubuntu.
https://bugs.launchpad.net/bugs/1506467

Title:
  click install does not ignore shipped files without leading './'

Status in Canonical System Image:
  Fix Released
Status in click package in Ubuntu:
  Fix Released
Status in click source package in Trusty:
  Fix Released
Status in click source package in Vivid:
  Fix Released
Status in click source package in Wily:
  Fix Released

Bug description:
  The click install process does not filter out all illegitimate paths
  during the install process. For example, an app can ship '.click' in
  data.tar.gz which interferes with package installs. './.click/' is
  correctly filtered.
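
The filtering gap in the bug description, shown as an added example that is not click's own code: a check that only recognises the './.click' spelling is compared with one that normalizes member names first. The function names, the reserved-name set and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile

# Assumption: '.click' is the only reserved top-level name, per the bug description.
RESERVED_TOP_LEVEL = {".click"}

# Constructed sample member names for a data.tar.gz (not from a real package).
SAMPLE_NAMES = ["./.click/info/a.manifest", ".click/info/a.manifest",
                ".//.click/x", "./bin/app", "bin/app"]

def naive_is_illegitimate(name):
    # Illustrative prefix check: it only knows the './' spelling of the name.
    return name.startswith("./.click")

def is_illegitimate(name):
    # Reject absolute paths and any '..' component before normalizing.
    if name.startswith("/") or ".." in name.split("/"):
        return True
    # normpath collapses './', '//' and trailing '/', so every spelling of
    # the reserved directory compares equal on its first component.
    norm = posixpath.normpath(name)
    parts = [] if norm == "." else norm.split("/")
    return bool(parts) and parts[0] in RESERVED_TOP_LEVEL

def build_sample_tar(names):
    # Build an in-memory gzip tarball with the exact member names given.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            data = b"x"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def rejected_members(fileobj, check):
    # List member names the given check would refuse, without extracting.
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        return [m.name for m in tar.getmembers() if check(m.name)]

if __name__ == "__main__":
    for check in (naive_is_illegitimate, is_illegitimate):
        print(check.__name__, rejected_members(build_sample_tar(SAMPLE_NAMES), check))
```
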

