It is very sad that CVE-2007-4476 hasn't received any attention from the
security team for several months. After reading some high-level
descriptions and changelogs, it looks like Feisty and Dapper are
vulnerable and that this bug might lead to arbitrary code execution when
unpacking a malicious file. Unpacking tarballs downloaded from the
Internet is fairly common. The bug was publicly disclosed a long
time ago. If this bug is actually exploitable, it poses a considerable
risk to users.

It would be nice if someone from the Ubuntu security team could comment
here about the status of this bug. Did you analyze the problem and find
that it is not possible to exploit it? Is it going to be fixed in the near
future, or maybe it's a WontFix?

-- 
[tar] [CVE-2007-4476] Buffer overflow
https://bugs.launchpad.net/bugs/180299
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
