All previous and current releases are possibly affected. 
The above debdiff is compatible with focal and bionic which are affected.
Groovy can be updated to the latest upstream by the maintainer.

The nature of impact of this bug on xenial is unknown as the code in
xenial is very different and upstream hasn't detailed it. Ark went
thorugh a significant refactor after xenial and the current upstream
patches are incompatible. I'll try to evaluate and report back if the
patch can be backported or if the bug even exists.

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ark in Ubuntu.
https://bugs.launchpad.net/bugs/1893465

Title:
  KDE Project Security Advisory: Ark: maliciously crafted TAR archive
  with symlinks can install files outside the extraction directory.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1893465/+subscriptions

-- 
kubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs

Reply via email to