Hello,
Just wondering if we need to fix CVE-2016-6232 in kde4libs or not?
Looks like this is an issue if you try to extract a tar file that
contains relative paths outside the archive's root. Is this considered a
security issue we need to address?
Such as this one that comes as a test case:
# t

Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of python-django:
https://security-tracker.debian.org/tracker/CVE-2016-6186
Would you like to take care of this yourself?
If yes, please follow the workflow we have

Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of kde4libs:
https://security-tracker.debian.org/tracker/CVE-2016-6232
Would you like to take care of this yourself?
If yes, please follow the workflow we have defin

Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of libupnp:
https://security-tracker.debian.org/tracker/TEMP-000-867096
Would you like to take care of this yourself?
If yes, please follow the workflow we have

> Looks like this is an issue if you try to extract a tar file that
> contains relative paths outside the archive's root. Is this considered a
> security issue we need to address?

(Replying quickly here so apologies for the lack of context/references but
there was previous discussion on this topic