ALT-PU-2020-1779-1
Package file-roller updated to version 3.36.2-alt1 for branch sisyphus in task 250278.
Closed vulnerabilities
Published: 2021-03-15
Modified: 2023-11-21
BDU:2021-01340
Vulnerability in the fr-archive-libarchive.c component of the File Roller archive manager that allows an attacker to affect the integrity and availability of protected information
Severity: LOW (3.9)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Severity: LOW (3.2)
Vector: AV:L/AC:L/Au:S/C:N/I:P/A:P
Published: 2020-04-13
Modified: 2024-11-21
CVE-2020-11736
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Severity: LOW (3.3)
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
Severity: LOW (3.9)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References:
- https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0
- https://lists.debian.org/debian-lts-announce/2020/04/msg00013.html
- https://security.gentoo.org/glsa/202009-06
- https://usn.ubuntu.com/4332-1/
- https://usn.ubuntu.com/4332-2/