*** This is an automated message *** This bug is tagged needs-packaging which identifies it as a request for a new package in Ubuntu. As a part of the managing needs-packaging bug reports specification, https://wiki.ubuntu.com/QATeam/Specs/NeedsPackagingBugs, all needs- packaging bug reports have Wishlist importance. Subsequently, I'm setting this bug's status to Wishlist.
** Summary changed: - tar : CVE-2016-6321 not patched in stable + [needs-packaging] tar : CVE-2016-6321 not patched in stable ** Changed in: tar (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tar in Ubuntu. https://bugs.launchpad.net/bugs/1638922 Title: [needs-packaging] tar : CVE-2016-6321 not patched in stable Status in tar package in Ubuntu: New Bug description: CVE-2016-6321 path name extract bypass vulnerability is not patched in stable releases of yakkety, xenial and other supported releases. The maintainer appears to have only pushed the patch to zesty proposed. Please push the patch for the stable releases as this bug could have seroius implications in certain environments. Upstream debian has already pushed the patch to stable. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339 https://people.canonical.com/~ubuntu- security/cve/2016/CVE-2016-6321.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1638922/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
