1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Candidate: CVE-2015-8860
PublicDate: 2017-01-23
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8860
Description:
The tar package before 2.0.0 for Node.js allows remote attackers to write
to arbitrary files via a symlink attack in an archive.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_node-tar:
upstream_node-tar: needs-triage
precise_node-tar: ignored (reached end-of-life)
precise/esm_node-tar: DNE (precise was needed)
trusty_node-tar: needed
vivid/stable-phone-overlay_node-tar: DNE
vivid/ubuntu-core_node-tar: DNE
wily_node-tar: ignored (reached end-of-life)
xenial_node-tar: needed
yakkety_node-tar: ignored (reached end-of-life)
zesty_node-tar: needed
devel_node-tar: needed
|