-
file-roller (3.16.5-0ubuntu1.5) xenial-security; urgency=medium
* SECURITY UPDATE: Directory Traversal
- debian/patches/CVE-2020-36314.patch: skip files with symlinks in
parents in src/fr-archive-libarchive.c.
- CVE-2020-36314
-- Leonidas Da Silva Barbosa <email address hidden> Fri, 09 Apr 2021 15:54:33 -0300
-
file-roller (3.16.5-0ubuntu1.4) xenial-security; urgency=medium
* SECURITY UPDATE: Directory traversal
- debian/patches/CVE-2020-11736.patch: do not follow external
links when extracting files in src/fr-archive-libarchive.c.
- CVE-2020-11736
-- <email address hidden> (Leonidas S. Barbosa) Tue, 14 Apr 2020 16:50:05 -0300
-
file-roller (3.16.5-0ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: Path traversal vulnerability
- debian/patches/CVE-2019-16680.patch: avoid the
extraction of files with relative paths in src/glib-utils.c.
- CVE-2019-16680
-- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Sep 2019 11:36:06 -0300
-
file-roller (3.16.5-0ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: Path traversal flaw allows arbitrary file deletion via
malicious archive (LP: #1171236)
- debian/patches/CVE-2016-7162.patch: Do not follow symlinks when deleting
a folder recursively. Based on upstream patch.
- CVE-2016-7162
-- Tyler Hicks <email address hidden> Thu, 08 Sep 2016 09:17:37 -0500
-
file-roller (3.16.5-0ubuntu1.1) xenial; urgency=medium
* debian/control:
- Suggest squashfs-tools
* debian/patches/squashfs.patch:
- Support squashfs (i.e. .snap) files (LP: #1585867)
-- Robert Ancell <email address hidden> Thu, 26 May 2016 16:06:39 +1200
-
file-roller (3.16.5-0ubuntu1) xenial; urgency=medium
* New upstream bugfix update (lp: #1576656)
-- Sebastien Bacher <email address hidden> Fri, 29 Apr 2016 13:53:10 +0200
-
file-roller (3.16.4-1ubuntu3) wily; urgency=medium
* debian/patches/bzg_click_support.patch:
- define clicks as debs compatible so file-roller knows how to open
those, thanks Alan Bell (lp: #1439640)
-- Sebastien Bacher <email address hidden> Mon, 12 Oct 2015 17:52:40 +0100
