[SECURITY] [DLA 245-1] p7zip security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 245-1] p7zip security update
From: Ben Hutchings <benh@debian.org>
Date: Sun, 14 Jun 2015 19:45:51 +0100
Message-id: <[🔎] 1434307551.9977.17.camel@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : p7zip
Version        : 9.04~dfsg.1-1+deb6u1
CVE ID         : CVE-2015-1038
Debian Bug     : 774660

Alexander Cherepanov discovered that p7zip is susceptible to a
directory traversal vulnerability.  While extracting an archive, it
will extract symlinks and then follow them if they are referenced in
further entries.  This can be exploited by a rogue archive to write
files outside the current directory.

For the oldoldstable distribution (squeeze), this problem has been
fixed in version 9.04~dfsg.1-1+deb6u1.

For the oldstable distribution (wheezy) and stable distribution
(jessie), this problem will be fixed soon.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: [SECURITY] [DLA 244-1] strongswan security update
Next by Date: [SECURITY] [DLA 246-1] linux-2.6 security update
Previous by thread: [SECURITY] [DLA 244-1] strongswan security update
Next by thread: [SECURITY] [DLA 246-1] linux-2.6 security update
Index(es):
- Date
- Thread