This bug was fixed in the package ark - 4:20.08.1-0ubuntu1

---------------
ark (4:20.08.1-0ubuntu1) groovy; urgency=medium

  * New upstream release (20.08.1)
  * SECURITY UPDATE: Maliciously crafted TAR archive with symlinks can
    install files outside the extraction directory. (LP: #1893465)
    - CVE-2020-24654
    - Thanks to Fabian Vogt for reporting this issue and for fixing it.

 -- Rik Mills <[email protected]>  Tue, 01 Sep 2020 08:48:18 +0100

** Changed in: ark (Ubuntu Groovy)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1893465

Title:
  KDE Project Security Advisory: Ark: maliciously crafted TAR archive
  with symlinks can install files outside the extraction directory.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1893465/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to