[Bug 1889672] Re: KDE Project Security Advisory: Ark: maliciously crafted archive can install files outside the extraction directory.
Steve Beattie
1889672 at bugs.launchpad.net
Thu Aug 6 21:16:31 UTC 2020
vishnunaini, thanks for testing and the pointer to the reproducer.
I also went ahead and carried back the patch to bionic's ark as well,
and have uploaded it to the same ppa.
For xenial, the patch fails to apply because the passed archive entry
type is different, and it was not clear to me whether the older version
of the type contained an equivalent way to get access to the result of
the fullPath() method call.
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ark in Ubuntu.
https://bugs.launchpad.net/bugs/1889672
Title:
KDE Project Security Advisory: Ark: maliciously crafted archive can
install files outside the extraction directory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1889672/+subscriptions
More information about the kubuntu-bugs
mailing list