UbuntuUpdates.org

Package "file-roller"

Name: file-roller

Description: archive manager for GNOME

Latest version: 3.16.5-0ubuntu1.5
Release: xenial (16.04)
Level: security
Repository: main
Homepage: https://wiki.gnome.org/Apps/FileRoller

Other versions of "file-roller" in Xenial

Repository          Area  Version
base                main  3.16.4-1ubuntu3
updates             main  3.16.5-0ubuntu1.5
PPA: Mint Upstream        43.0+mint1+wilma

Changelog

Version: 3.16.5-0ubuntu1.5 2021-04-26 15:07:27 UTC

  file-roller (3.16.5-0ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory Traversal
    - debian/patches/CVE-2020-36314.patch: skip files with symlinks in
      parents in src/fr-archive-libarchive.c.
    - CVE-2020-36314

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 09 Apr 2021 15:54:33 -0300

CVE-2020-36314 fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction

Version: 3.16.5-0ubuntu1.4 2020-04-20 14:06:29 UTC

  file-roller (3.16.5-0ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2020-11736.patch: do not follow external
      links when extracting files in src/fr-archive-libarchive.c.
    - CVE-2020-11736

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 14 Apr 2020 16:50:05 -0300

CVE-2020-11736 fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's

Version: 3.16.5-0ubuntu1.3 2019-09-25 13:06:33 UTC

  file-roller (3.16.5-0ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Path traversal vulnerability
    - debian/patches/CVE-2019-16680.patch: avoid the
      extraction of files with relative paths in src/glib-utils.c.
    - CVE-2019-16680

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Sep 2019 11:36:06 -0300

CVE-2019-16680 An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possi

Version: 3.16.5-0ubuntu1.2 2016-09-08 22:06:28 UTC

  file-roller (3.16.5-0ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Path traversal flaw allows arbitrary file deletion via
    malicious archive (LP: #1171236)
    - debian/patches/CVE-2016-7162.patch: Do not follow symlinks when deleting
      a folder recursively. Based on upstream patch.
    - CVE-2016-7162

 -- Tyler Hicks <email address hidden> Thu, 08 Sep 2016 09:17:37 -0500

1171236 file-roller may delete the content of linked folder (?)
CVE-2016-7162 RESERVED


