Debian 10261 Published by

A dpkg security update has been released for Debian GNU/Linux 9 Extended LTS to address a directory traversal vulnerability.



ELA-631-1 dpkg security update

Package dpkg
Version 1.17.28 (jessie)
Related CVEs CVE-2022-1664

Max Justicz reported a directory traversal vulnerability in Dpkg::Source::Archive in dpkg, the Debian package management system. This affects extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar.

For Debian 8 jessie, these problems have been fixed in version 1.17.28.

We recommend that you upgrade your dpkg packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-631-1 dpkg security update