*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
The squashfs-tools 4.5 release addresses an issue where `unsquashfs` can extract files outside of its target directory, given a malicious input file. This issue was reported back in 2019 at: https://github.com/plougher/squashfs-tools/issues/72 The squashfs-tools release notes mention the fix: https://github.com/plougher/squashfs-tools/blob/master/CHANGES > 3.13 Unsquashfs "write outside directory" exploit fixed. Is Ubuntu aware of this issue w.r.t. back porting to distro release versions squashfs-tools? ** Affects: squashfs-tools (Ubuntu) Importance: Undecided Status: New -- squashfs-tools 4.5 / "write outside directory" exploit fix back port? https://bugs.launchpad.net/bugs/1941790 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs