1
PublicDateAtUSN: 2015-03-15
2
Candidate: CVE-2015-2304
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2304
6
http://www.openwall.com/lists/oss-security/2015/01/16/7
7
https://github.com/libarchive/libarchive/pull/110
8
http://www.openwall.com/lists/oss-security/2015/01/07/5
9
http://www.debian.org/security/2015/dsa-3180
10
https://usn.ubuntu.com/usn/usn-2549-1
12
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and
13
earlier allows remote attackers to write to arbitrary files via a full
14
pathname in an archive.
18
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778266
19
https://groups.google.com/forum/#!msg/libarchive-discuss/dN9y1VvE1Qk/Z9uerigjQn0J
25
upstream: https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526
26
upstream_libarchive: released (3.1.2-11)
27
lucid_libarchive: ignored (reached end-of-life)
28
precise_libarchive: released (3.0.3-6ubuntu1.1)
29
trusty_libarchive: released (3.1.2-7ubuntu2.1)
30
utopic_libarchive: released (3.1.2-9ubuntu0.1)
31
devel_libarchive: not-affected (3.1.2-11)