* SECURITY UPDATE: maliciously crafted TAR archive with symlinks can
install files outside the extraction directory. (LP: #1893465)
- 002-CVE-2020-24654-tar-symlinks-outside-extraction-directory.patch
- CVE-2020-24654
- Thanks to Fabian Vogt for reporting this issue and for fixing it.
This bug was fixed in the package ark - 4:17.12. 3-0ubuntu1. 2
--------------- 3-0ubuntu1. 2) bionic-security; urgency=medium
ark (4:17.12.
* SECURITY UPDATE: maliciously crafted TAR archive with symlinks can 2020-24654- tar-symlinks- outside- extraction- directory. patch
install files outside the extraction directory. (LP: #1893465)
- 002-CVE-
- CVE-2020-24654
- Thanks to Fabian Vogt for reporting this issue and for fixing it.
-- vishnunaini <email address hidden> Fri, 28 Aug 2020 22:12:54 +0530