Candidate: CVE-2016-3180
PublicDate: 2017-02-07 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3180
Description:
 Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the
 initial run, allows man-in-the-middle attackers to bypass the PGP
 signature verification and execute arbitrary code via a Trojan horse tar
 file and a signature file with the valid tarball and signature.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/micahflee/torbrowser-launcher/issues/229
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_torbrowser-launcher:
upstream_torbrowser-launcher: released (0.2.4-1)
precise_torbrowser-launcher: DNE
precise/esm_torbrowser-launcher: DNE
trusty_torbrowser-launcher: DNE
trusty/esm_torbrowser-launcher: DNE
vivid/stable-phone-overlay_torbrowser-launcher: DNE
vivid/ubuntu-core_torbrowser-launcher: DNE
wily_torbrowser-launcher: ignored (reached end-of-life)
xenial_torbrowser-launcher: released (0.2.4-1)
yakkety_torbrowser-launcher: ignored (reached end-of-life)
zesty_torbrowser-launcher: ignored (reached end-of-life)
artful_torbrowser-launcher: ignored (reached end-of-life)
bionic_torbrowser-launcher: not-affected (0.2.4-1)
cosmic_torbrowser-launcher: not-affected (0.2.4-1)
devel_torbrowser-launcher: not-affected (0.2.4-1)