*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Seth Arnold (seth-arnold):

The squashfs-tools 4.5 release addresses an issue where `unsquashfs` can
extract files outside of its target directory, given a malicious input
file.

This issue was reported back in 2019 at:
https://github.com/plougher/squashfs-tools/issues/72

The squashfs-tools release notes mention the fix:
https://github.com/plougher/squashfs-tools/blob/master/CHANGES

> 3.13 Unsquashfs "write outside directory" exploit fixed.

Is Ubuntu aware of this issue w.r.t. back porting to distro release
versions squashfs-tools?

** Affects: squashfs-tools (Ubuntu)
     Importance: Undecided
         Status: New

-- 
squashfs-tools 4.5 / "write outside directory" exploit fix back port?
https://bugs.launchpad.net/bugs/1941790
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to