Summary: | <app-arch/dpkg-1.20.9-r1: directory traversal via crafted orig.tar and debian.tar | |
---|---|---|---
Product: | Gentoo Security | Reporter: | John Helmert III <ajak>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | IN_PROGRESS --- | |
Severity: | normal | CC: | gyakovlev
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://lists.debian.org/debian-security-announce/2022/msg00115.html | |
Whiteboard: | B2 [glsa?] | |
Package list: | | Runtime testing required: | ---
Description
John Helmert III
2022-05-28 21:59:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=354a6035384dee11b2fb6a43298c1235838b6ae4

commit 354a6035384dee11b2fb6a43298c1235838b6ae4
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-04 08:48:32 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-04 08:48:32 +0000

    app-arch/dpkg: stablebump, add CVE-2022-1664 patch

    Bug: https://bugs.gentoo.org/847976
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 .../{dpkg-1.20.9.ebuild => dpkg-1.20.9-r1.ebuild} | 3 +-
 .../dpkg/files/dpkg-1.20.9-CVE-2022-1664.patch | 324 +++++++++++++++++++++
 2 files changed, 326 insertions(+), 1 deletion(-)

Bumped current stable. There are some bugs in current unstables; as soon as that is sorted out I'll file a new stablereq and remove all other versions right after. Thanks!