oss-security - Re: CVE Request: File Roller path traversal

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-Id: <20160908065142.EF4D81BE24C@smtpvbsrv1.mitre.org>
Date: Thu,  8 Sep 2016 02:51:42 -0400 (EDT)
From: cve-assign@...re.org
To: tyhicks@...onical.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, paobac@....gnome.org, security@...ntu.com
Subject: Re: CVE Request: File Roller path traversal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> File Roller 3.5.4 through 3.20.2 was affected by a path traversal bug
> that could result in deleted files if a user were tricked into opening a
> malicious archive.
> 
> http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news
> http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news
> Distro bug: https://launchpad.net/bugs/1171236
> Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=698554
> Fixed by:
> https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5

Use CVE-2016-7162.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX0QmDAAoJEHb/MwWLVhi2DqkQAI/f8t2ZR6E+2yHJ1My3OBum
2yuJFIdnkCzGonivRLk5l8Gj7v9tKMwqOP8HUFSy6bBzGy3fA+DOiAhjq+WJoGSQ
tbjn2ATBnS4KylAJCD0luGV50A/qEo/kZ50K4+pVlK/jVOH5oQepxCFWrh9Nybnc
9gr4DCwXubsi1l5Pjr1KzDZQyJInDdVH/Q4RlN7g3ZkenzFoMOWtQoeIsOnnfpw4
3XTDto5EW4mAq/4kUFGoxAScpu3qhIVMU9ms6mL9KeSkRzXUl5Hrn4VYvHKya8fY
Mpa+6dVrLYkkdB3ey76LJhTYQcx4qdNTjtgf+c0SmUjoqNaWIno1YkfajRWEEhyO
fQzDyySAidxZMjG2wkqOn0rVAkJ2kRbStbAPNnS/RrGowp4GTGkmUvqxrv/+R3T0
msdoVlz4DEy1RpNLI5uEfmKOJDtoRVHYgqm1S+VLokMRahA/Lcru+pgTzIzAJnwV
+WHMUEVHur0fMdWVvdbtyYJKS5ti72HSxXM8182neiwA9yJH/Z+S4v5PMH4aGaHv
riPEgRVpKLMPFnqV0zl6AuJWL4ljLRF2yhcrjcFlkNGk2vs95gEdeZv64xiLIW09
k1eMhHaw9ZkWiJ/vaynDZrJ7NcvbI5PX6yVXNGEW+EA0csTHlm83w3cALY4ii+pq
qrPRq/IrV7vf/vMs8Dmn
=zLoP
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.