Candidate: CVE-2016-6299
PublicDate: 2017-04-14 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6299
 https://bugzilla.redhat.com/show_bug.cgi?id=1375490
 https://github.com/rpm-software-management/mock/commit/8b02f43beadacf6911200b48d94e39e891a41da9
Description:
 The scm plug-in in mock might allow attackers to bypass the intended chroot
 protection mechanism and gain root privileges via a crafted spec file.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Florian Weimer
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_mock:
 upstream: https://github.com/rpm-software-management/mock/commit/8b02f43beadacf6911200b48d94e39e891a41da9
upstream_mock: needs-triage
precise_mock: DNE
precise/esm_mock: DNE
trusty_mock: ignored (reached end-of-life)
trusty/esm_mock: DNE (trusty was needed)
vivid/stable-phone-overlay_mock: DNE
vivid/ubuntu-core_mock: DNE
xenial_mock: ignored (end of standard support, was needed)
yakkety_mock: ignored (reached end-of-life)
zesty_mock: ignored (reached end-of-life)
artful_mock: ignored (reached end-of-life)
bionic_mock: not-affected (1.3.2-1)
cosmic_mock: not-affected (1.3.2-1)
disco_mock: not-affected (1.3.2-1)
eoan_mock: not-affected (1.3.2-1)
focal_mock: DNE
groovy_mock: DNE
hirsute_mock: DNE
impish_mock: DNE
jammy_mock: DNE
devel_mock: DNE