Bugzilla – Bug 1025086
VUL-0: CVE-2017-0359 diffoscope: writes to arbitrary locations on disk based on the contents of an untrusted archive
Last modified: 2018-02-21 07:08:43 UTC
diffoscope may write to arbitrary locations on disk depending on the contents of an untrusted archive.
diffoscope is only in Factory.
bugbot adjusting priority
Yes, it's mine, thanks.
I've updated the package to the 3h old release and prepared https://build.opensuse.org/request/show/514078
This seems to have been fixed back in August, so closing.
Hmm, but it got into Leap in the meantime.
Submitting the Factory version to Leap as MR 561144 and handing over to security.
This is an autogenerated message for OBS integration:
This bug (1025086) was mentioned in
https://build.opensuse.org/request/show/561144 42.3 / diffoscope
openSUSE-SU-2018:0060-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1025086
CVE References: CVE-2017-0359
openSUSE Leap 42.3 (src): diffoscope-85-3.1