Public bug reported: CVE-2016-6321 path name extract bypass vulnerability is not patched in stable releases of yakkety, xenial and other supported releases.
The maintainer appears to have only pushed the patch to zesty proposed. Please push the patch for the stable releases as this bug could have seroius implications in certain environments. Upstream debian has already pushed the patch to stable. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339 https://people.canonical.com/~ubuntu- security/cve/2016/CVE-2016-6321.html ** Affects: tar (Ubuntu) Importance: Undecided Status: New ** Tags: cve-2016-6321 needs-packaging patch-accepted-upstream ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6321 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1638922 Title: tar : CVE-2016-6321 not patched in stable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1638922/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
