[Bug 1889672] Re: KDE Project Security Advisory: Ark: maliciously crafted archive can install files outside the extraction directory.

vishnunaini 1889672 at bugs.launchpad.net
Thu Aug 6 07:22:16 UTC 2020


Upstream has included the below test archive in the original advisory.
Upon trying to open the test archive in ark, a warning will show below
the menu bar.

Proof of concept
================

For testing, an example of malicious archive can be found at
https://github.com/jwilk/traversal-archives/releases/download/0/relative2.zip

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ark in Ubuntu.
https://bugs.launchpad.net/bugs/1889672

Title:
  KDE Project Security Advisory: Ark: maliciously crafted archive can
  install files outside the extraction directory.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1889672/+subscriptions




More information about the kubuntu-bugs mailing list