2020-04-20
ALT-BU-2020-3772-1
Branch sisyphus update bulletin.
Package file-roller updated to version 3.36.2-alt1 for branch sisyphus in task 250278.
Closed vulnerabilities
Published: 2020-04-13
BDU:2021-01340
Уязвимость компонента fr-archive-libarchive.c программы-архиватора File Roller, позволяющая нарушителю оказать воздействие на целостность и доступность защищаемой информации
References:
Published: 2020-04-13
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-11736
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
References:
- https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0
- [debian-lts-announce] 20200417 [SECURITY] [DLA 2180-1] file-roller security update
- GLSA-202009-06
- USN-4332-1
- USN-4332-2
- https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0
- USN-4332-2
- USN-4332-1
- GLSA-202009-06
- [debian-lts-announce] 20200417 [SECURITY] [DLA 2180-1] file-roller security update