UbuntuUpdates.org

Package "file-roller"

Name: file-roller

Description: archive manager for GNOME

Latest version: 3.28.0-1ubuntu1.3
Release: bionic (18.04)
Level: security
Repository: main
Homepage: https://wiki.gnome.org/Apps/FileRoller

Other versions of "file-roller" in Bionic

Repository Area Version
base main 3.28.0-1ubuntu1
updates main 3.28.0-1ubuntu1.3

Changelog

Version: 3.28.0-1ubuntu1.3 2021-04-26 15:07:31 UTC

  file-roller (3.28.0-1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Directory Traversal
    - debian/patches/CVE-2020-36314.patch: skip files with symlinks in
      parents in src/fr-archive-libarchive.c.
    - CVE-2020-36314

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 09 Apr 2021 15:08:09 -0300

CVE-2020-36314 fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction

Version: 3.28.0-1ubuntu1.2 2020-04-20 14:06:31 UTC

  file-roller (3.28.0-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2020-11736.patch: do not follow external
      links when extracting files in src/fr-archive-libarchive.c.
    - CVE-2020-11736

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 14 Apr 2020 16:53:44 -0300

CVE-2020-11736 fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's

Version: 3.28.0-1ubuntu1.1 2019-09-25 13:06:34 UTC

  file-roller (3.28.0-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Path traversal vulnerability
    - debian/patches/CVE-2019-16680.patch: avoid the
      extraction of files with relative paths in src/glib-utils.c.
    - CVE-2019-16680

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Sep 2019 11:38:11 -0300

CVE-2019-16680 An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possi
