[Bug 1889672] Re: KDE Project Security Advisory: Ark: maliciously crafted archive can install files outside the extraction directory.
Rik Mills
1889672 at bugs.launchpad.net
Thu Jul 30 23:10:32 UTC 2020
This bug was fixed in the package ark - 4:20.04.3-1
---------------
ark (4:20.04.3-1) unstable; urgency=medium
* Team upload.
* New upstream release.
* Backport upstream commit 0df592524fed305d6fbe74ddf8a196bc9ffdb92f to fix
vulnerability to path traversal attacks (CVE-2020-16116); patch
upstream_Fix-vulnerability-to-path-traversal-attacks.patch.
* CI: disable build path variations, as not well handled with ark by the
current toolchain.
* Add Rules-Requires-Root: no.
* Change an internal hostname of an old Ubuntu changelog entry to
ubuntu at ubuntu.com to avoid lintian issues.
-- Pino Toscano <pino at debian.org> Thu, 30 Jul 2020 17:11:50 +0200
** Changed in: ark (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ark in Ubuntu.
https://bugs.launchpad.net/bugs/1889672
Title:
KDE Project Security Advisory: Ark: maliciously crafted archive can
install files outside the extraction directory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1889672/+subscriptions
More information about the kubuntu-bugs
mailing list