[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2016-09-09 Thread Mathew Hodson 
** Bug watch removed: GNOME Bug Tracker #647753
   https://bugzilla.gnome.org/show_bug.cgi?id=647753

** Summary changed:

- file-roller may delete the content of linked folder (?)
+ file-roller may delete the content of linked folder

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2016-09-08 Thread Tyler Hicks 
** Changed in: file-roller (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2016-09-08 Thread Launchpad Bug Tracker 
This bug was fixed in the package file-roller - 3.16.5-0ubuntu1.2

---
file-roller (3.16.5-0ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Path traversal flaw allows arbitrary file deletion via
malicious archive (LP: #1171236)
- debian/patches/CVE-2016-7162.patch: Do not follow symlinks when deleting
  a folder recursively. Based on upstream patch.
- CVE-2016-7162

 -- Tyler Hicks   Thu, 08 Sep 2016 09:17:37 -0500

** Changed in: file-roller (Ubuntu Xenial)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2016-09-08 Thread Launchpad Bug Tracker 
This bug was fixed in the package file-roller - 3.10.2.1-0ubuntu4.2

---
file-roller (3.10.2.1-0ubuntu4.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Path traversal flaw allows arbitrary file deletion via
malicious archive (LP: #1171236)
- debian/patches/CVE-2016-7162.patch: Do not follow symlinks when deleting
  a folder recursively. Based on upstream patch.
- CVE-2016-7162

 -- Tyler Hicks   Thu, 08 Sep 2016 09:17:49 -0500

** Changed in: file-roller (Ubuntu Trusty)
   Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7162

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2016-09-08 Thread Tyler Hicks 
** Also affects: file-roller (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: file-roller (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: file-roller (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: file-roller (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: file-roller (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: file-roller (Ubuntu Trusty)
 Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: file-roller (Ubuntu Xenial)
 Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: file-roller (Ubuntu Xenial)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2016-08-18 Thread Sebastien Bacher 
** Changed in: file-roller (Ubuntu)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2016-08-17 Thread Bug Watch Updater 
** Changed in: file-roller
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2013-04-22 Thread Sebastien Bacher 
Thank you for taking the time to report this bug and helping to make
Ubuntu better. The issue you are reporting is an upstream one and it
would be nice if somebody having it could send the bug to the developers
of the software by following the instructions at
https://wiki.ubuntu.com/Bugs/Upstream/GNOME. If you have done so, please
tell us the number of the upstream bug (or the link), so we can add a
bugwatch that will inform us about its status. Thanks in advance.

** Changed in: file-roller (Ubuntu)
   Importance: Undecided = High

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2013-04-22 Thread charles r. 
I opened a new bug at bugzilla : 698554 
(https://bugzilla.gnome.org/show_bug.cgi?id=698554)
It may be a duplicate of bug 647753 
(https://bugzilla.gnome.org/show_bug.cgi?id=647753) but I'm not entirely sure, 
as the description is not clear and it wasn't updated since 2011.   

** Bug watch added: GNOME Bug Tracker #698554
   https://bugzilla.gnome.org/show_bug.cgi?id=698554

** Bug watch added: GNOME Bug Tracker #647753
   https://bugzilla.gnome.org/show_bug.cgi?id=647753

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2013-04-22 Thread Sebastien Bacher 
Thanks for filing the bug upstream, let's see what they say

** Changed in: file-roller (Ubuntu)
   Status: New = Triaged

** Also affects: file-roller via
   https://bugzilla.gnome.org/show_bug.cgi?id=698554
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2013-04-22 Thread Bug Watch Updater 
** Changed in: file-roller
   Status: Unknown = New

** Changed in: file-roller
   Importance: Unknown = High

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

2013-04-21 Thread charles r. 
I made further tests, and I could reproduce this bug on another computer
(with the same setup).

It happens when you attempt to extract the archive containing linked folders.
Here are the exact steps to reproduce this bug :

1- Create a folder, say container
2- Inside, create another folder, say real folder
3- Place some files inside this folder (a week worth of precious work for 
instance. ah ah!)
4- Create a link of this folder in nautilus (right clic - create a link)

It should look like this :
-container
|_real folder (with files inside)
|_link to real folder

5- Create an archive from link to real folder (a zip in my test)
6- Extract that archive anywhere you want.
You will get an error message saying the files could not be extracted.
Check real folder : all the files should have disappeared !

Another thing to note : I works from one computer to another.
Create a bogus archive in computer A, extract it in computer B.
If computer B happens to have the same folders as the links contained inside 
the archive, they will also be emptied.
(There goes my backup files by the way -and one chance to recover them. I'm so 
happy).

My disc drives are formatted in ext4 if it's of any help.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/file-roller/+bug/1171236/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs