diff -Nru ark-19.12.3/debian/changelog ark-19.12.3/debian/changelog
--- ark-19.12.3/debian/changelog	2020-03-05 21:33:32.000000000 +0530
+++ ark-19.12.3/debian/changelog	2020-07-30 23:10:55.000000000 +0530
@@ -1,3 +1,15 @@
+ark (4:19.12.3-0ubuntu2) UNRELEASED; urgency=medium
+
+  [Elvis Angelaccio]
+  * SECURITY UPDATE:Ark: maliciously crafted archive can install
+    files outside the extraction directory.
+    - 001-maliciously-crafted-archive-can-install-files-outside-the-extraction-directory.patch
+    - CVE-2020-16116
+    - Thanks to Dominik Penner for finding and reporting this issue and thanks to Elvis Angelaccio
+      and Albert Astals Cid for fixing it.
+
+ -- v.naini <vishnu@vishnunaini.com>  Thu, 30 Jul 2020 23:10:55 +0530
+
 ark (4:19.12.3-0ubuntu1) focal; urgency=medium
 
   * New upstream release (19.12.3)
diff -Nru ark-19.12.3/debian/patches/001-CVE-2020-16116-maliciously-crafted-archive-can-install-files-outside-the-extraction-directory.patch ark-19.12.3/debian/patches/001-CVE-2020-16116-maliciously-crafted-archive-can-install-files-outside-the-extraction-directory.patch
--- ark-19.12.3/debian/patches/001-CVE-2020-16116-maliciously-crafted-archive-can-install-files-outside-the-extraction-directory.patch	1970-01-01 05:30:00.000000000 +0530
+++ ark-19.12.3/debian/patches/001-CVE-2020-16116-maliciously-crafted-archive-can-install-files-outside-the-extraction-directory.patch	2020-07-30 23:10:55.000000000 +0530
@@ -0,0 +1,34 @@
+Description: SECURITY UPDATE:Ark: maliciously crafted archive can install files outside the extraction directory.
+     - 001-maliciously-crafted-archive-can-install-files-outside-the-extraction-directory.patch
+     - CVE-2020-16116
+     - Thanks to Dominik Penner for finding and reporting this issue and thanks to Elvis Angelaccio
+       and Albert Astals Cid for fixing it.
+Author: v.naini <vishnu@vishnunaini.com>
+
+---
+
+Origin: upstream, https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
+Bug: https://kde.org/info/security/advisory-20200730-1.txt
+Bug-Debian: 
+Bug-Ubuntu: 
+Forwarded: 
+Reviewed-By: 
+Last-Update: 2020-07-30
+
+--- ark-19.12.3.orig/kerfuffle/jobs.cpp
++++ ark-19.12.3/kerfuffle/jobs.cpp
+@@ -181,6 +181,14 @@ void Job::onError(const QString & messag
+ 
+ void Job::onEntry(Archive::Entry *entry)
+ {
++    const QString entryFullPath = entry->fullPath();
++    if (QDir::cleanPath(entryFullPath).contains(QLatin1String("../"))) {
++        qCWarning(ARK) << "Possibly malicious archive. Detected entry that could lead to a directory traversal attack:" << entryFullPath;
++        onError(i18n("Could not load the archive because it contains ill-formed entries and might be a malicious archive."), QString());
++        onFinished(false);
++        return;
++    }
++
+     emit newEntry(entry);
+ }
+ 
diff -Nru ark-19.12.3/debian/patches/series ark-19.12.3/debian/patches/series
--- ark-19.12.3/debian/patches/series	1970-01-01 05:30:00.000000000 +0530
+++ ark-19.12.3/debian/patches/series	2020-07-30 23:10:55.000000000 +0530
@@ -0,0 +1 @@
+001-CVE-2020-16116-maliciously-crafted-archive-can-install-files-outside-the-extraction-directory.patch