[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

Launchpad Bug Tracker Thu, 08 Sep 2016 14:11:25 -0700

This bug was fixed in the package file-roller - 3.10.2.1-0ubuntu4.2

---------------
file-roller (3.10.2.1-0ubuntu4.2) trusty-security; urgency=medium


  * SECURITY UPDATE: Path traversal flaw allows arbitrary file deletion via
    malicious archive (LP: #1171236)
    - debian/patches/CVE-2016-7162.patch: Do not follow symlinks when deleting
      a folder recursively. Based on upstream patch.
    - CVE-2016-7162

 -- Tyler Hicks <tyhi...@canonical.com>  Thu, 08 Sep 2016 09:17:49 -0500

** Changed in: file-roller (Ubuntu Trusty)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7162

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

Reply via email to