The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11-sp4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12-sp2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12-sp3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "42.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "42.3"
}
]
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14804.json"