[ubuntu/wily-proposed] click 0.4.39.1+15.10.20150702-0ubuntu2 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Thu Oct 15 15:02:47 UTC 2015
click (0.4.39.1+15.10.20150702-0ubuntu2) wily; urgency=medium
* SECURITY UPDATE: fix privilege escalation via crafted data.tar.gz that
can be used to install alternate security policy than what is defined
- click/install.py: Forbid installing packages with data tarball members
whose names do not start with "./". Patch thanks to Colin Watson.
- CVE-2015-XXXX
- LP: #1506467
Date: Thu, 15 Oct 2015 09:16:17 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Colin Watson <cjwatson at ubuntu.com>
https://launchpad.net/ubuntu/+source/click/0.4.39.1+15.10.20150702-0ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 15 Oct 2015 09:16:17 -0500
Source: click
Binary: click click-dev python3-click libclick-0.4-0 libclick-0.4-dev gir1.2-click-0.4 click-doc packagekit-plugin-click
Architecture: source
Version: 0.4.39.1+15.10.20150702-0ubuntu2
Distribution: wily
Urgency: medium
Maintainer: Colin Watson <cjwatson at ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
click - Click packages
click-dev - build Click packages
click-doc - Click packages (documentation)
gir1.2-click-0.4 - GIR bindings for Click package management library
libclick-0.4-0 - run-time Click package management library
libclick-0.4-dev - development files for Click package management library
packagekit-plugin-click - Click packages (PackageKit plugin)
python3-click - Click packages (Python 3 interface)
Launchpad-Bugs-Fixed: 1506467
Changes:
click (0.4.39.1+15.10.20150702-0ubuntu2) wily; urgency=medium
.
* SECURITY UPDATE: fix privilege escalation via crafted data.tar.gz that
can be used to install alternate security policy than what is defined
- click/install.py: Forbid installing packages with data tarball members
whose names do not start with "./". Patch thanks to Colin Watson.
- CVE-2015-XXXX
- LP: #1506467
Checksums-Sha1:
a1e752de07863d9143eb0780099661d799e1267f 2868 click_0.4.39.1+15.10.20150702-0ubuntu2.dsc
227b72e0c1d220af2e333c46e490d05a084bfbb7 19768 click_0.4.39.1+15.10.20150702-0ubuntu2.debian.tar.xz
Checksums-Sha256:
bf14a1453748b4c443dbee0b5800179e054f3e3684d5cd4d6bd784e5e47257ba 2868 click_0.4.39.1+15.10.20150702-0ubuntu2.dsc
939df65bcbe4b29a47e2f6a10107d528d9240d0cc365a2f7c3965062dc0bfcfe 19768 click_0.4.39.1+15.10.20150702-0ubuntu2.debian.tar.xz
Files:
40b9bc4716d95a333462f2f93572d01c 2868 admin optional click_0.4.39.1+15.10.20150702-0ubuntu2.dsc
ce2ec2c82ff7a45b104a1080b16eb941 19768 admin optional click_0.4.39.1+15.10.20150702-0ubuntu2.debian.tar.xz
More information about the Wily-changes
mailing list