All previous and current releases are possibly affected. The above debdiff is compatible with focal and bionic which are affected. Groovy can be updated to the latest upstream by the maintainer.
The nature of impact of this bug on xenial is unknown as the code in xenial is very different and upstream hasn't detailed it. Ark went thorugh a significant refactor after xenial and the current upstream patches are incompatible. I'll try to evaluate and report back if the patch can be backported or if the bug even exists. -- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to ark in Ubuntu. https://bugs.launchpad.net/bugs/1893465 Title: KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1893465/+subscriptions -- kubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
