UbuntuUpdates.org

Package "gnome-autoar"

Name: gnome-autoar

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GObject introspection data for GnomeAutoar
  • GObject introspection data for GnomeAutoarGtk
  • Archives integration support for GNOME
  • Archives integration support for GNOME - development files

Latest version: 0.2.4-2ubuntu0.2
Release: groovy (20.10)
Level: security
Repository: main

Links



Other versions of "gnome-autoar" in Groovy

Repository Area Version
base main 0.2.4-2
updates main 0.2.4-2ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.2.4-2ubuntu0.2 2021-03-08 20:07:36 UTC

  gnome-autoar (0.2.4-2ubuntu0.2) groovy-security; urgency=medium

  * SECURITY REGRESSION: missing subfolder creation (LP: #1917812)
    - debian/patches/CVE-2020-36241-2.patch: do not fail if parent folders
      don't exist in gnome-autoar/autoar-extractor.c.

 -- Marc Deslauriers <email address hidden> Mon, 08 Mar 2021 07:23:33 -0500

Source diff to previous version
1917812 extracting archives from within nautilus omits subfolders
CVE-2020-36241 autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extra

Version: 0.2.4-2ubuntu0.1 2021-02-11 14:07:18 UTC

  gnome-autoar (0.2.4-2ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: directory traversal issue (LP: #1901240)
    - debian/patches/CVE-2020-36241.patch: do not extract files outside the
      destination dir in gnome-autoar/autoar-extractor.c.
    - CVE-2020-36241

 -- Marc Deslauriers <email address hidden> Wed, 10 Feb 2021 13:55:36 -0500

1901240 Ubuntu GNOME Path Traversal
CVE-2020-36241 autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extra



About   -   Send Feedback to @ubuntu_updates