Copied from
ubuntu trusty in
Private PPA for Ubuntu Security Team
by Ubuntu Archive Robot
Changelog
click (0.4.21.1ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: fix privilege escalation via crafted data.tar.gz that
can be used to install alternate security policy than what is defined
- click/install.py: Forbid installing packages with data tarball members
whose names do not start with "./". Based on patch from Colin Watson.
- CVE-2015-XXXX
- LP: #1506467
-- Jamie Strandboge <email address hidden> Thu, 15 Oct 2015 10:05:35 -0500