Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 Jan 2016 11:42:30 -0600
From: Jamie Strandboge <>
Cc: security <>
Subject: CVE Request: click

Hi MITRE, all,

A vulnerability was discovered in the click package system:

It was fixed in 0.4.42 with:

This is an input sanitization bug where click assumed leading paths were always
prefixed with './' which, for example, allows a crafted click to ship a '.click'
directory to manipulate the click install process.

Can we get a CVE for this?


Jamie Strandboge       

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.