This bug was fixed in the package file-roller - 3.10.2.1-0ubuntu4.2
---------------
file-roller (3.10.2.1-0ubuntu4.2) trusty-security; urgency=medium
* SECURITY UPDATE: Path traversal flaw allows arbitrary file deletion via
malicious archive (LP: #1171236)
- debian/patches/CVE-2016-7162.patch: Do not follow symlinks when deleting
a folder recursively. Based on upstream patch.
- CVE-2016-7162
-- Tyler Hicks <[email protected]> Thu, 08 Sep 2016 09:17:49 -0500
** Changed in: file-roller (Ubuntu Trusty)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7162
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1171236
Title:
file-roller may delete the content of linked folder (?)
To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
