Re: CVE-2016-6232 / kdelibs4

To: debian-lts@lists.debian.org
Subject: Re: CVE-2016-6232 / kdelibs4
From: Chris Lamb <lamby@debian.org>
Date: Tue, 19 Jul 2016 08:56:04 +0200
Message-id: <[🔎] 1468911364.226400.670284089.04CC86D1@webmail.messagingengine.com>
In-reply-to: <[🔎] 87h9bmpoab.fsf@prune.linuxpenguins.xyz>
References: <[🔎] 87h9bmpoab.fsf@prune.linuxpenguins.xyz>

> Looks like this is an issue if you try to extract a tar file that
> contains relative paths outside the archives root. Is this considered a
> security issue we need to address?

(Replying quickly here so apologies for the lack of context/references but
there was previous discussion on this topic around busybox/CVE-2011-5325)


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Reply to:

References:
- CVE-2016-6232 / kdelibs4
  - From: Brian May <bam@debian.org>

Prev by Date: Wheezy update of libupnp?
Next by Date: Re: Wheezy update of kde4libs?
Previous by thread: CVE-2016-6232 / kdelibs4
Next by thread: Wheezy update of python-django?
Index(es):
- Date
- Thread