touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #128310
[Bug 1506467] Re: click install does not ignore shipped files without leading './'
This was assigned CVE-2015-8768, see http://www.openwall.com/lists/oss-
security/2016/01/12/8
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8768
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click in Ubuntu.
https://bugs.launchpad.net/bugs/1506467
Title:
click install does not ignore shipped files without leading './'
Status in Canonical System Image:
Fix Released
Status in click package in Ubuntu:
Fix Released
Status in click source package in Trusty:
Fix Released
Status in click source package in Vivid:
Fix Released
Status in click source package in Wily:
Fix Released
Bug description:
The click install process does not filter out all illegitimate paths
during the install process. For example, an app can ship '.click' in
data.tar.gz which interferes with package installs. './.click/' is
correctly filtered.
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1506467/+subscriptions