-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : file-roller Version : 3.14.1-1+deb8u2 CVE ID : CVE-2020-11736 Debian Bug : 956638
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. For Debian 8 "Jessie", this problem has been fixed in version 3.14.1-1+deb8u2. We recommend that you upgrade your file-roller packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Best, Utkarsh -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl6aQUIACgkQgj6WdgbD S5aKvg/9HM6jhAKOBpDLhOAfEDjmR+R0ao7BCxArWLJebSBN9A2q9vNjunfGZKyx KkH2/gBEewaBj6a0iP3rPw0BnEMMVoTljPkQ6a0ZVnAIcxJYFFEy8lAVctshNMG+ gdCO2rmuWnj7x5at5HR8HwnhitLQNKUbbPnA/p2VKK20/f8YHRiF40v+RB7cszvP /MXUgKR3Wfw/VJBgeHFPxaTS1GGndrHMGhay7Cn5R2gjL4a25Z79GB9TJl50O/54 7yXgLcznLspNAsoZxwUwdq9Xi3tRBV52hyXTmiybC0ZgjNBaIxAWjJPE6/q1INFF qVGIN3tCGtK//egK3t2kDnAZPGy306xTk4fGC4ZslKjCzvIdi+keCj1/lDSeQ66O GOmaj3Ojb+3Yx7JR0pS77ALWhSl3/1Gp4vFQG6PJ0skHqqT85wesdrMoqR+baZl3 wpHFYKMZ1rxu2fLneJQCWiYEzUaO6zvBiHOImnEWhI0s/VhQrZLU8mcvIMZ2MQ8G hNqz78tW2FCIYj7GfAs/wyh76jBkNqs92RTsJLXk0kiqR5VmiImHEh8SyZjV9s4t 8NXwj0t6Zuwd7+6kJdI+/tm45yLFvRswPle+ee086qF/9Fvo4WVVTpUfOcqpdPop d3xHp8zApRikpJVM+ZdOOuP+yyCyIs6jRvbY6S2Vnq1wbuhb2+4= =kc09 -----END PGP SIGNATURE-----
