UbuntuUpdates.org

Package "file-roller"

Name: file-roller

Description:

archive manager for GNOME

Latest version: 3.16.5-0ubuntu1.5
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: https://wiki.gnome.org/Apps/FileRoller

Links


Download "file-roller"


Other versions of "file-roller" in Xenial

Repository Area Version
base main 3.16.4-1ubuntu3
security main 3.16.5-0ubuntu1.5

Changelog

Version: 3.16.5-0ubuntu1.5 2021-04-26 15:07:28 UTC

  file-roller (3.16.5-0ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory Traversal
    - debian/patches/CVE-2020-36314.patch: skip files with symlinks in
      parents in src/fr-archive-libarchive.c.
    - CVE-2020-36314

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 09 Apr 2021 15:54:33 -0300

Source diff to previous version
CVE-2020-36314 fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction

Version: 3.16.5-0ubuntu1.4 2020-04-20 14:06:30 UTC

  file-roller (3.16.5-0ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2020-11736.patch: do not follow external
      links when extracting files in src/fr-archive-libarchive.c.
    - CVE-2020-11736

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 14 Apr 2020 16:50:05 -0300

Source diff to previous version
CVE-2020-11736 fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's

Version: 3.16.5-0ubuntu1.3 2019-09-25 15:06:26 UTC

  file-roller (3.16.5-0ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Path traversal vulnerability
    - debian/patches/CVE-2019-16680.patch: avoid the
      extraction of files with relative paths in src/glib-utils.c.
    - CVE-2019-16680

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Sep 2019 11:36:06 -0300

Source diff to previous version
CVE-2019-16680 An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possi

Version: 3.16.5-0ubuntu1.2 2016-09-08 23:06:32 UTC

  file-roller (3.16.5-0ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Path traversal flaw allows arbitrary file deletion via
    malicious archive (LP: #1171236)
    - debian/patches/CVE-2016-7162.patch: Do not follow symlinks when deleting
      a folder recursively. Based on upstream patch.
    - CVE-2016-7162

 -- Tyler Hicks <email address hidden> Thu, 08 Sep 2016 09:17:37 -0500

Source diff to previous version
1171236 file-roller may delete the content of linked folder (?)
CVE-2016-7162 RESERVED

Version: 3.16.5-0ubuntu1.1 2016-06-20 11:06:30 UTC

  file-roller (3.16.5-0ubuntu1.1) xenial; urgency=medium

  * debian/control:
    - Suggest squashfs-tools
  * debian/patches/squashfs.patch:
    - Support squashfs (i.e. .snap) files (LP: #1585867)

 -- Robert Ancell <email address hidden> Thu, 26 May 2016 16:06:39 +1200




About   -   Send Feedback to @ubuntu_updates