Public bug reported:

A cleverly constructed key signature tarball can bypass the signature check. If the tarball contains a symbolic link to a directory outside of the working folder, followed by a file based on this symbolic link, tar will follow the link and create a new file outside of the working folder, which is not desired and can alter the behaviour of the system.

** Affects: android (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1506887

Title:
  vulnerability in OTA signature check mechanism
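
A pre-extraction check for the archive layout described in this report, given as an added example and not code from the Ubuntu android package: it flags any member whose path passes through a link declared earlier in the same tarball, or whose path or link target leaves the extraction root. The function names and the sample archive (member names "keys" and "keys/keyring.json", target "../outside") are constructed for illustration.

```python
import io
import posixpath
import tarfile

def escapes(path):
    """True if a normalized archive path is absolute or climbs above the root."""
    return path.startswith("/") or path == ".." or path.startswith("../")

def unsafe_members(tar):
    """List (name, reason) for members that could write outside the root."""
    links, findings = set(), []
    for m in tar.getmembers():
        name = posixpath.normpath(m.name)
        if escapes(name):
            findings.append((m.name, "path escapes extraction root"))
            continue
        parts = name.split("/")
        # A parent component declared earlier as a link means tar would
        # follow that link when creating this member.
        if any("/".join(parts[:i]) in links for i in range(1, len(parts))):
            findings.append((m.name, "path traverses a link from the archive"))
        if m.issym() or m.islnk():
            # Symlink targets resolve from the link's directory,
            # hard-link targets from the archive root.
            base = posixpath.dirname(name) if m.issym() else ""
            if escapes(posixpath.normpath(posixpath.join(base, m.linkname))):
                findings.append((m.name, "link target outside extraction root"))
            links.add(name)
    return findings

def build_sample(with_link):
    """Constructed test archive held in memory; all names are placeholders."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        if with_link:
            link = tarfile.TarInfo("keys")
            link.type = tarfile.SYMTYPE
            link.linkname = "../outside"
            tar.addfile(link)
        info = tarfile.TarInfo("keys/keyring.json")
        data = b"{}"
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def scan(data):
    """Open an archive from bytes and return its unsafe members."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        return unsafe_members(tar)
```

Run the check on the tarball before extraction and reject the whole archive if it returns any finding.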