[Bug 1901240] Re: Ubuntu GNOME Path Traversal
This bug was fixed in the package gnome-autoar - 0.2.3-2ubuntu0.1 --- gnome-autoar (0.2.3-2ubuntu0.1) focal-security; urgency=medium * SECURITY UPDATE: directory traversal issue (LP: #1901240) - debian/patches/CVE-2020-36241.patch: do not extract files outside the destination dir in gnome-autoar/autoar-extractor.c. - CVE-2020-36241 -- Marc Deslauriers Wed, 10 Feb 2021 13:59:00 -0500 ** Changed in: gnome-autoar (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-autoar in Ubuntu. https://bugs.launchpad.net/bugs/1901240 Title: Ubuntu GNOME Path Traversal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-autoar/+bug/1901240/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1901240] Re: Ubuntu GNOME Path Traversal
This bug was fixed in the package gnome-autoar - 0.2.3-1ubuntu0.1 --- gnome-autoar (0.2.3-1ubuntu0.1) bionic-security; urgency=medium * SECURITY UPDATE: directory traversal issue (LP: #1901240) - debian/patches/CVE-2020-36241.patch: do not extract files outside the destination dir in gnome-autoar/autoar-extractor.c. - CVE-2020-36241 -- Marc Deslauriers Wed, 10 Feb 2021 13:59:35 -0500 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-autoar in Ubuntu. https://bugs.launchpad.net/bugs/1901240 Title: Ubuntu GNOME Path Traversal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-autoar/+bug/1901240/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1901240] Re: Ubuntu GNOME Path Traversal
This bug was fixed in the package gnome-autoar - 0.2.4-2ubuntu0.1 --- gnome-autoar (0.2.4-2ubuntu0.1) groovy-security; urgency=medium * SECURITY UPDATE: directory traversal issue (LP: #1901240) - debian/patches/CVE-2020-36241.patch: do not extract files outside the destination dir in gnome-autoar/autoar-extractor.c. - CVE-2020-36241 -- Marc Deslauriers Wed, 10 Feb 2021 13:55:36 -0500 ** Changed in: gnome-autoar (Ubuntu) Status: Confirmed => Fix Released ** Changed in: gnome-autoar (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-autoar in Ubuntu. https://bugs.launchpad.net/bugs/1901240 Title: Ubuntu GNOME Path Traversal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-autoar/+bug/1901240/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1901240] Re: Ubuntu GNOME Path Traversal
Upstream issue: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7 and associated fix https://gitlab.gnome.org/GNOME/gnome- autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429 Given that this is public upstream, I'm going to open this issue ap as well. ** Bug watch added: gitlab.gnome.org/GNOME/gnome-autoar/-/issues #7 https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-autoar in Ubuntu. https://bugs.launchpad.net/bugs/1901240 Title: Ubuntu GNOME Path Traversal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-autoar/+bug/1901240/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
