Date: Sat, 29 Oct 2016 21:04:40 -0700 >From: Paul Eggert <egg...@penguin.cs.ucla.edu> >------------- >Body: ur-type{attachments=[]; body=Package: tar >Version: 1.29b-1 >Severity: grave >Tags: security > >This has been assigned CVE-2016-6321: >https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt > >Cheers, > Moritz > >; header=Received: (at submit) by bugs.debian.org; 28 Oct 2016 08:27:14 0000 >From j...@debian.org Fri Oct 28 08:27:14 2016 >X-Spam-Checker-Version: SpamAssassin 3.4.0-bugs.debian.org_2005_01_02 > (2014-02-07) on buxtehude.debian.org >X-Spam-Level: >X-Spam-Status: No, score=-12.4 required=4.0 tests=BAYES_00,FROMDEVELOPER, > HAS_PACKAGE,ONEWORD,RCVD_IN_DNSWL_MED,URIBL_CNKR,XMAILER_REPORTBUG, > X_DEBBUGS_CC autolearn=ham autolearn_force=no > version=3.4.0-bugs.debian.org_2005_01_02 >X-Spam-Bayes: score:0.0000 Tokens: new, 24; hammy, 84; neutral, 25; spammy, 0. > spammytokens: hammytokens:0.000- --H*x:6.6.6, 0.000- --H*UA:6.6.6, > 0.000- --H*M:reportbug, 0.000- --H*MI:reportbug, 0.000- --H*x:reportbug >Return-path: <j...@debian.org> >Received: from inutil.org ([83.151.30.8]) > by buxtehude.debian.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:256) > (Exim 4.84_2) > (envelope-from <j...@debian.org>) > id 1c02VN-000643-Pb > for sub...@bugs.debian.org; Fri, 28 Oct 2016 08:27:13 0000 >Received: from dyndsl-095-033-044-233.ewe-ip-backbone.de ([95.33.44.233] helo=pisco.westfalen.local) > by inutil.org with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) > (Exim 4.72) > (envelope-from <j...@debian.org>) > id 1c02VK-0003Vz-HE; Fri, 28 Oct 2016 10:27:10 0200 >Received: from jmm by pisco.westfalen.local with local (Exim 4.87) > (envelope-from <j...@debian.org>) > id 1c02VJ-0006bv-1e; Fri, 28 Oct 2016 10:27:09 0200 >Content-Type: text/plain; charset="us-ascii" >MIME-Version: 1.0 >Content-Transfer-Encoding: 7bit >From: Moritz Muehlenhoff <j...@debian.org> >To: Debian Bug Tracking System <sub...@bugs.debian.org> >Subject: CVE-2016-6321 >Message-ID: <147764322902.25315.15378751384226787950.reportbug@pisco.westfalen.local> >X-Mailer: reportbug 6.6.6 >Date: Fri, 28 Oct 2016 10:27:09 0200 >X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>, > Debian Testing Security Team > <secure-testing-t...@lists.alioth.debian.org> >X-SA-Exim-Connect-IP: 95.33.44.233 >X-SA-Exim-Mail-From: j...@debian.org >X-SA-Exim-Scanned: No (on inutil.org); SAEximRunCond expanded to false >Delivered-To: sub...@bugs.debian.org