UbuntuUpdates.org

Package "gir1.2-gnomeautoargtk-0.1"

Name: gir1.2-gnomeautoargtk-0.1

Description:

GObject introspection data for GnomeAutoarGtk

Latest version: 0.2.3-2ubuntu0.4
Release: focal (20.04)
Level: security
Repository: main
Head package: gnome-autoar

Links


Download "gir1.2-gnomeautoargtk-0.1"


Other versions of "gir1.2-gnomeautoargtk-0.1" in Focal

Repository Area Version
base main 0.2.3-2
updates main 0.2.3-2ubuntu0.4

Changelog

Version: 0.2.3-2ubuntu0.4 2021-06-07 17:06:34 UTC

  gnome-autoar (0.2.3-2ubuntu0.4) focal-security; urgency=medium

  * SECURITY REGRESSION: Fix extracting one-file archives (LP: #1929304)
    - debian/patches/fix_one_file_archives.patch: don't create en empty
      folder when extracting with nautilus in
      gnome-autoar/autoar-extractor.c.
    - debian/patches/fix_one_file_archives2.patch: prevent redundant path
      name handling for equal prefixes in gnome-autoar/autoar-extractor.c.

 -- Marc Deslauriers <email address hidden> Fri, 04 Jun 2021 07:03:08 -0400

Source diff to previous version
1929304 file-roller / gnome archive manager fails to extract

Version: 0.2.3-2ubuntu0.3 2021-05-06 13:06:23 UTC

  gnome-autoar (0.2.3-2ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: more directory traversal issues
    - debian/patches/CVE-2021-28650-*.patch: apply multiple commits from
      0.3.1 to fix issues in gnome-autoar/autoar-extractor.c.
    - debian/patches/CVE-2020-36241.patch: removed, no longer needed.
    - debian/patches/CVE-2020-36241-2.patch: removed, no longer needed.
    - CVE-2021-28650

 -- Marc Deslauriers <email address hidden> Wed, 05 May 2021 12:57:41 -0400

Source diff to previous version
CVE-2021-28650 autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extrac
CVE-2020-36241 autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extra

Version: 0.2.3-2ubuntu0.2 2021-03-08 20:07:33 UTC

  gnome-autoar (0.2.3-2ubuntu0.2) focal-security; urgency=medium

  * SECURITY REGRESSION: missing subfolder creation (LP: #1917812)
    - debian/patches/CVE-2020-36241-2.patch: do not fail if parent folders
      don't exist in gnome-autoar/autoar-extractor.c.

 -- Marc Deslauriers <email address hidden> Mon, 08 Mar 2021 07:27:13 -0500

Source diff to previous version
1917812 extracting archives from within nautilus omits subfolders
CVE-2020-36241 autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extra

Version: 0.2.3-2ubuntu0.1 2021-02-11 14:07:16 UTC

  gnome-autoar (0.2.3-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: directory traversal issue (LP: #1901240)
    - debian/patches/CVE-2020-36241.patch: do not extract files outside the
      destination dir in gnome-autoar/autoar-extractor.c.
    - CVE-2020-36241

 -- Marc Deslauriers <email address hidden> Wed, 10 Feb 2021 13:59:00 -0500

1901240 Ubuntu GNOME Path Traversal
CVE-2020-36241 autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extra



About   -   Send Feedback to @ubuntu_updates