PublicDateAtUSN: 2021-12-24 00:00:00 UTC
Candidate: CVE-2021-31566
PublicDate: 2021-12-24 00:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31566
 https://ubuntu.com/security/notices/USN-5291-1
Description:
 symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive
Ubuntu-Description:
Notes:
 mdeslaur> intrusive backport to bionic
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001990
 https://github.com/libarchive/libarchive/issues/1566
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_libarchive:
 upstream: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2)
 upstream: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2)
 upstream: https://github.com/libarchive/libarchive/commit/8a1bd5c18e896f0411a991240ce0d772bb02c840
 upstream: https://github.com/libarchive/libarchive/commit/ede459d2ebb879f5eedb6f7abea203be0b334230
upstream_libarchive: released (3.5.2-1)
trusty/esm_libarchive: needs-triage
esm-infra/xenial_libarchive: needs-triage
trusty_libarchive: ignored (out of standard support)
xenial_libarchive: ignored (out of standard support)
bionic_libarchive: needed
focal_libarchive: released (3.4.0-2ubuntu1.1)
hirsute_libarchive: ignored (reached end-of-life)
impish_libarchive: released (3.4.3-2ubuntu0.1)
jammy_libarchive: not-affected (3.5.2-1)
devel_libarchive: not-affected (3.5.2-1)