UbuntuUpdates.org

Package "file-roller"

Name: file-roller

Description:

archive manager for GNOME

Latest version: 3.28.0-1ubuntu1.3
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: https://wiki.gnome.org/Apps/FileRoller

Links


Download "file-roller"


Other versions of "file-roller" in Bionic

Repository Area Version
base main 3.28.0-1ubuntu1
security main 3.28.0-1ubuntu1.3
PPA: Mint Upstream 43.0+mint1+wilma

Changelog

Version: 3.28.0-1ubuntu1.3 2021-04-26 15:07:32 UTC

  file-roller (3.28.0-1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Directory Traversal
    - debian/patches/CVE-2020-36314.patch: skip files with symlinks in
      parents in src/fr-archive-libarchive.c.
    - CVE-2020-36314

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 09 Apr 2021 15:08:09 -0300

Source diff to previous version
CVE-2020-36314 fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction

Version: 3.28.0-1ubuntu1.2 2020-04-20 14:06:32 UTC

  file-roller (3.28.0-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2020-11736.patch: do not follow external
      links when extracting files in src/fr-archive-libarchive.c.
    - CVE-2020-11736

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 14 Apr 2020 16:53:44 -0300

Source diff to previous version
CVE-2020-11736 fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's

Version: 3.28.0-1ubuntu1.1 2019-09-25 15:06:28 UTC

  file-roller (3.28.0-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Path traversal vulnerability
    - debian/patches/CVE-2019-16680.patch: avoid the
      extraction of files with relative paths in src/glib-utils.c.
    - CVE-2019-16680

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Sep 2019 11:38:11 -0300

CVE-2019-16680 An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possi



About   -   Send Feedback to @ubuntu_updates