[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

Launchpad Bug Tracker Thu, 08 Sep 2016 14:21:12 -0700

This bug was fixed in the package file-roller - 3.16.5-0ubuntu1.2

---------------
file-roller (3.16.5-0ubuntu1.2) xenial-security; urgency=medium


  * SECURITY UPDATE: Path traversal flaw allows arbitrary file deletion via
    malicious archive (LP: #1171236)
    - debian/patches/CVE-2016-7162.patch: Do not follow symlinks when deleting
      a folder recursively. Based on upstream patch.
    - CVE-2016-7162

 -- Tyler Hicks <[email protected]>  Thu, 08 Sep 2016 09:17:37 -0500

** Changed in: file-roller (Ubuntu Xenial)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1171236

Title:
  file-roller may delete the content of linked folder (?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/1171236/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1171236] Re: file-roller may delete the content of linked folder (?)

Reply via email to