[Bug 1893465] Re: KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory.

Launchpad Bug Tracker Tue, 01 Sep 2020 12:41:51 -0700

This bug was fixed in the package ark - 4:15.12.3-0ubuntu1.2

---------------
ark (4:15.12.3-0ubuntu1.2) xenial-security; urgency=medium


  * SECURITY UPDATE: maliciously crafted TAR archive with symlinks can
    install files outside the extraction directory. (LP: #1893465)
    - 002-CVE-2020-24654-tar-symlinks-outside-extraction-directory.patch
    - CVE-2020-24654
    - Thanks to Fabian Vogt for reporting this issue and for fixing it.

 -- Eduardo Barretto <eduardo.barre...@canonical.com>  Tue, 01 Sep 2020
11:31:33 -0300

** Changed in: ark (Ubuntu Xenial)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ark in Ubuntu.
https://bugs.launchpad.net/bugs/1893465

Title:
  KDE Project Security Advisory: Ark: maliciously crafted TAR archive
  with symlinks can install files outside the extraction directory.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1893465/+subscriptions

-- 
kubuntu-bugs mailing list
kubuntu-b...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs

[Bug 1893465] Re: KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory.

Reply via email to