Bug#832620: kde4libs: CVE-2016-6232: Extraction of tar files possible to arbitrary system locations

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#832620: kde4libs: CVE-2016-6232: Extraction of tar files possible to arbitrary system locations
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 27 Jul 2016 17:28:05 +0200
Message-id: <[🔎] 146963328504.13372.18327717192820507616.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 832620@bugs.debian.org

Source: kde4libs
Version: 4:4.8.4-4
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for kde4libs.

CVE-2016-6232[0]:
Extraction of tar files possible to arbitrary system locations

Please note [1], were Balint noticed that the patch in 4:4.14.22-1 was
incomplete.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6232
[1] https://lists.debian.org/debian-lts/2016/07/msg00144.html

Regards,
Salvatore

Reply to:

Prev by Date: ***I libri Fazi Editore per l'estate***
Next by Date: Processing of kfilemetadata_4.14.3-1_source.changes
Previous by thread: ***I libri Fazi Editore per l'estate***
Next by thread: Processing of kfilemetadata_4.14.3-1_source.changes
Index(es):
- Date
- Thread