This bug was fixed in the package ark - 4:20.04.3-1
---------------
ark (4:20.04.3-1) unstable; urgency=medium
* Team upload.
* New upstream release.
* Backport upstream commit 0df592524fed305d6fbe74ddf8a196bc9ffdb92f to fix
vulnerability to path traversal attacks (CVE-2020-16116); patch
upstream_Fix-vulnerability-to-path-traversal-attacks.patch.
* CI: disable build path variations, as not well handled with ark by the
current toolchain.
* Add Rules-Requires-Root: no.
* Change an internal hostname of an old Ubuntu changelog entry to
[email protected] to avoid lintian issues.
-- Pino Toscano <[email protected]> Thu, 30 Jul 2020 17:11:50 +0200
** Changed in: ark (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1889672
Title:
KDE Project Security Advisory: Ark: maliciously crafted archive can
install files outside the extraction directory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1889672/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
