diff -Nru ark-16.04.3a/debian/changelog ark-16.04.3a/debian/changelog
--- ark-16.04.3a/debian/changelog 2016-11-11 05:24:33.000000000 +0530
+++ ark-16.04.3a/debian/changelog 2017-01-19 03:10:04.000000000 +0530
@@ -1,3 +1,12 @@
+ark (4:16.04.3a-0ubuntu2.2) yakkety-security; urgency=medium
+ * SECURITY UPDATE:unintended execution of scripts and executable files
+ - debian/patches/no-exec-during-url-open.patch
+ - Thanks to Fabian Vogt for reporting this issue, Elvis Angelaccio for fixing this issue.
+ - CVE-2017-5330
+ - fixes (LP: #1655507)
+
+ -- Vishnu Vardhan Reddy Naini Thu, 19 Jan 2017 03:10:04 +0530
+
 ark (4:16.04.3a-0ubuntu2.1) yakkety; urgency=medium

 * Fix RAR files with shared-mime-info >= 1.7 (LP: #1636655)
diff -Nru ark-16.04.3a/debian/patches/no-exec-during-url-open.patch ark-16.04.3a/debian/patches/no-exec-during-url-open.patch
--- ark-16.04.3a/debian/patches/no-exec-during-url-open.patch 1970-01-01 05:30:00.000000000 +0530
+++ ark-16.04.3a/debian/patches/no-exec-during-url-open.patch 2017-01-19 03:09:59.000000000 +0530
@@ -0,0 +1,29 @@
+From 6b6da3f2e6ac5ca12b46d208d532948c1dbb8776 Mon Sep 17 00:00:00 2001
+From: Elvis Angelaccio
+Date: Fri, 6 Jan 2017 15:35:46 +0100
+Subject: Stop running executables when opening urls
+
+This is a security risk because it's not clear when an entry in an
+archive is an executable.
+
+CCBUG: 374572
+---
+ part/part.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/part/part.cpp b/part/part.cpp
+index 62a250c..ed2a2e9 100644
+--- a/part/part.cpp
++++ b/part/part.cpp
+@@ -810,7 +810,7 @@ void Part::slotOpenExtractedEntry(KJob *job)
+ QString(),
+ QUrl::AssumeLocalFile),
+ db.mimeTypeForFile(fullName).name(),
+- widget());
++ widget(), false, false);
+ break;
+ case OpenFileWith:
+ QList list;
+--
+cgit v0.11.2
+
diff -Nru ark-16.04.3a/debian/patches/series ark-16.04.3a/debian/patches/series
--- ark-16.04.3a/debian/patches/series 2016-11-11 05:24:33.000000000 +0530
+++ ark-16.04.3a/debian/patches/series 2017-01-19 03:09:59.000000000 +0530
@@ -1 +1,2 @@
+no-exec-during-url-open.patch
 fix-rar.diff
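Review bot: In the embedded part.cpp hunk of no-exec-during-url-open.patch, the two bare `false, false` arguments added after `widget()` do not show which one disables execution, so a later refactor could drop or swap the security-relevant flag without anyone noticing. Assuming the call is KIO's `KRun::runUrl` (its name sits above the hunk and is not visible here), the first value only restates the `tempFile` default and the second is the actual fix. I would label them, either upstream or in the patch description: `widget(), /* tempFile */ false, /* runExecutables */ false);`. The call begins and `slotOpenExtractedEntry` ends outside the hunk, so it cannot be checked from this page whether the `OpenFileWith` branch below, or any other open path, still reaches a launcher with execution enabled. A regression test that opens an archive entry whose detected MIME type is a script or executable and asserts that nothing is run would pin the behaviour described for CVE-2017-5330.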