This bug was fixed in the package ark - 4:20.04.3-1 --------------- ark (4:20.04.3-1) unstable; urgency=medium
* Team upload. * New upstream release. * Backport upstream commit 0df592524fed305d6fbe74ddf8a196bc9ffdb92f to fix vulnerability to path traversal attacks (CVE-2020-16116); patch upstream_Fix-vulnerability-to-path-traversal-attacks.patch. * CI: disable build path variations, as not well handled with ark by the current toolchain. * Add Rules-Requires-Root: no. * Change an internal hostname of an old Ubuntu changelog entry to ubu...@ubuntu.com to avoid lintian issues. -- Pino Toscano <p...@debian.org> Thu, 30 Jul 2020 17:11:50 +0200 ** Changed in: ark (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1889672 Title: KDE Project Security Advisory: Ark: maliciously crafted archive can install files outside the extraction directory. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1889672/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs