Source: file-roller Version: 3.36.1-1 Severity: important Tags: security upstream fixed-upstream
Hi, The following vulnerability was published for file-roller. CVE-2020-11736[0]: | fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows | Directory Traversal during extraction because it lacks a check of | whether a file's parent is a symlink to a directory outside of the | intended extraction location. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-11736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11736 [1] https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0 Please adjust the affected versions in the BTS as needed. Regards, Salvatore