[Bug 1893465] Re: KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory.
Launchpad Bug Tracker
1893465 at bugs.launchpad.net
Tue Sep 1 10:32:38 UTC 2020
This bug was fixed in the package ark - 4:20.08.1-0ubuntu1
---------------
ark (4:20.08.1-0ubuntu1) groovy; urgency=medium
* New upstream release (20.08.1)
* SECURITY UPDATE: Maliciously crafted TAR archive with symlinks can
install files outside the extraction directory. (LP: #1893465)
- CVE-2020-24654
- Thanks to Fabian Vogt for reporting this issue and for fixing it.
-- Rik Mills <rikmills at kde.org> Tue, 01 Sep 2020 08:48:18 +0100
** Changed in: ark (Ubuntu Groovy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ark in Ubuntu.
https://bugs.launchpad.net/bugs/1893465
Title:
KDE Project Security Advisory: Ark: maliciously crafted TAR archive
with symlinks can install files outside the extraction directory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1893465/+subscriptions
More information about the kubuntu-bugs
mailing list