UbuntuUpdates.org

Package "gnome-autoar"

Name: gnome-autoar

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GObject introspection data for GnomeAutoar
  • GObject introspection data for GnomeAutoarGtk
  • Archives integration support for GNOME
  • Archives integration support for GNOME - development files

Latest version: 0.2.4-2ubuntu0.4
Release: groovy (20.10)
Level: security
Repository: main

Links



Other versions of "gnome-autoar" in Groovy

Repository Area Version
base main 0.2.4-2
updates main 0.2.4-2ubuntu0.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.2.4-2ubuntu0.4 2021-06-07 17:06:46 UTC

  gnome-autoar (0.2.4-2ubuntu0.4) groovy-security; urgency=medium

  * SECURITY REGRESSION: Fix extracting one-file archives (LP: #1929304)
    - debian/patches/fix_one_file_archives.patch: don't create en empty
      folder when extracting with nautilus in
      gnome-autoar/autoar-extractor.c.
    - debian/patches/fix_one_file_archives2.patch: prevent redundant path
      name handling for equal prefixes in gnome-autoar/autoar-extractor.c.

 -- Marc Deslauriers <email address hidden> Fri, 04 Jun 2021 07:02:45 -0400

Source diff to previous version
1929304 file-roller / gnome archive manager fails to extract

Version: 0.2.4-2ubuntu0.3 2021-05-06 13:06:24 UTC

  gnome-autoar (0.2.4-2ubuntu0.3) groovy-security; urgency=medium

  * SECURITY UPDATE: more directory traversal issues
    - debian/patches/CVE-2021-28650-*.patch: apply multiple commits from
      0.3.1 to fix issues in gnome-autoar/autoar-extractor.c.
    - debian/patches/CVE-2020-36241.patch: removed, no longer needed.
    - debian/patches/CVE-2020-36241-2.patch: removed, no longer needed.
    - CVE-2021-28650

 -- Marc Deslauriers <email address hidden> Wed, 05 May 2021 12:26:03 -0400

Source diff to previous version
CVE-2021-28650 autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extrac
CVE-2020-36241 autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extra

Version: 0.2.4-2ubuntu0.2 2021-03-08 20:07:36 UTC

  gnome-autoar (0.2.4-2ubuntu0.2) groovy-security; urgency=medium

  * SECURITY REGRESSION: missing subfolder creation (LP: #1917812)
    - debian/patches/CVE-2020-36241-2.patch: do not fail if parent folders
      don't exist in gnome-autoar/autoar-extractor.c.

 -- Marc Deslauriers <email address hidden> Mon, 08 Mar 2021 07:23:33 -0500

Source diff to previous version
1917812 extracting archives from within nautilus omits subfolders
CVE-2020-36241 autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extra

Version: 0.2.4-2ubuntu0.1 2021-02-11 14:07:18 UTC

  gnome-autoar (0.2.4-2ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: directory traversal issue (LP: #1901240)
    - debian/patches/CVE-2020-36241.patch: do not extract files outside the
      destination dir in gnome-autoar/autoar-extractor.c.
    - CVE-2020-36241

 -- Marc Deslauriers <email address hidden> Wed, 10 Feb 2021 13:55:36 -0500

1901240 Ubuntu GNOME Path Traversal
CVE-2020-36241 autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extra



About   -   Send Feedback to @ubuntu_updates