[ubuntu/vivid-updates] click (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Oct 15 19:58:09 UTC 2015

click ( vivid-security; urgency=medium

  * SECURITY UPDATE: fix privilege escalation via crafted data.tar.gz that
    can be used to install alternate security policy than what is defined
    - click/install.py: Forbid installing packages with data tarball members
      whose names do not start with "./". Patch thanks to Colin Watson.
    - CVE-2015-XXXX
    - LP: #1506467

Date: 2015-10-15 15:19:14.117187+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Colin Watson <cjwatson at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Vivid-changes mailing list