vishnunaini, thanks for testing and the pointer to the reproducer. I also went ahead and carried back the patch to bionic's ark as well, and have uploaded it to the same ppa.
For xenial, the patch fails to apply because the passed archive entry type is different, and it was not clear to me whether the older version of the type contained an equivalent way to get access to the result of the fullPath() method call. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1889672 Title: KDE Project Security Advisory: Ark: maliciously crafted archive can install files outside the extraction directory. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1889672/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
