The patched package is already available from the Staging PPA.
** No longer affects: rust-cargo-c (Ubuntu Focal)
** Changed in: rust-tar (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: rust-tar (Ubuntu Focal)
Status: New => In Progress
** Changed in: rust-tar (Ubuntu Focal)
Assignee: (unassigned) => Ruan Comelli (ruancomelli)
** Changed in: rust-tar (Ubuntu Focal)
Status: In Progress => Fix Committed
** Changed in: rustc-1.76 (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: rustc-1.76 (Ubuntu Focal)
Status: New => Fix Committed
** Changed in: rustc-1.76 (Ubuntu Focal)
Assignee: (unassigned) => Ruan Comelli (ruancomelli)
** Changed in: rustc-1.77 (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: rustc-1.77 (Ubuntu Focal)
Status: New => Fix Committed
** Changed in: rustc-1.77 (Ubuntu Focal)
Assignee: (unassigned) => Ruan Comelli (ruancomelli)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2145764
Title:
CVE-2026-33056: Vendored tar crate can chmod arbitrary directories by
following symlinks
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cargo/+bug/2145764/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
