This bug was fixed in the package click -
0.4.40+15.10.20151006-0ubuntu1.1
---
click (0.4.40+15.10.20151006-0ubuntu1.1) wily; urgency=medium
* SECURITY UPDATE: fix privilege escalation via crafted data.tar.gz that
can be used to install alternate security policy than what is
** Also affects: savilerow
Importance: Undecided
Status: New
** Changed in: savilerow
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1479001
Title:
** Changed in: canonical-devices-system-image
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1479001
Title:
Older version of a user installed click is
** Changed in: canonical-devices-system-image
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1479001
Title:
Older version of a user installed click is not
** Changed in: canonical-devices-system-image
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1479001
Title:
Older version of a user installed click is not
** Changed in: click (Ubuntu)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1479001
Title:
Older version of a user installed click is not updated by custom
** Branch linked: lp:~kyrofa/click/bugfix_1479001
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1479001
Title:
Older version of a user installed click is not updated by custom or
base
I think many of the duplicates assigned to this bug are actually a separate bug.
One bug is about "packages installed by the updater are not released when new
versions installed with the image".
The other is "storage view should aggregate different versions of packages with
the same name".
So,
** Summary changed:
- OTA update: lower user click not updated by custom tarball higher click
+ Older version of a user installed click is not updated by custom or base
pre-installed clicks with a more recent version
** Description changed:
- A user in the field has OTA5 installed. But one