Ubuntu
file-roller package

  1. Xenial (16.04)
  2. Bug #1171236
  3. Comment #6

Comment 6 for bug 1171236

Revision history for this message
Launchpad Janitor (janitor) wrote : Re: file-roller may delete the content of linked folder (?)

This bug was fixed in the package file-roller - 3.16.5-0ubuntu1.2

---------------
file-roller (3.16.5-0ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Path traversal flaw allows arbitrary file deletion via
    malicious archive (LP: #1171236)
    - debian/patches/CVE-2016-7162.patch: Do not follow symlinks when deleting
      a folder recursively. Based on upstream patch.
    - CVE-2016-7162

 -- Tyler Hicks <email address hidden> Thu, 08 Sep 2016 09:17:37 -0500