[Bug 1638922] [NEW] tar : CVE-2016-6321 not patched in stable

vishnunaini 1638922 at bugs.launchpad.net
Thu Nov 3 13:40:49 UTC 2016


Public bug reported:

CVE-2016-6321 path name extract bypass vulnerability is not patched in
stable releases of yakkety, xenial and other supported releases.

The maintainer appears to have only pushed the patch to zesty proposed.

Please push the patch for the stable releases as this bug could have
serious implications in certain environments.

Upstream Debian has already pushed the patch to stable.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339

https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6321.html

** Affects: tar (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: cve-2016-6321 needs-packaging patch-accepted-upstream

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6321

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/1638922
