1
PublicDateAtUSN: 2016-09-08
2
Candidate: CVE-2016-7162
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7162
6
http://openwall.com/lists/oss-security/2016/09/08/4
7
https://usn.ubuntu.com/usn/usn-3074-1
9
The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4
10
through 3.20.2 allows remote attackers to delete arbitrary files via a
11
symlink attack on a folder in an archive.
14
tyhicks> Affected releases are 3.5.4 through 3.20.2
16
https://bugzilla.gnome.org/show_bug.cgi?id=698554
17
https://launchpad.net/bugs/1171236
23
upstream: https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5
24
upstream_file-roller: released (3.20.3)
25
precise_file-roller: not-affected (3.4.1-0ubuntu1)
26
trusty_file-roller: released (3.10.2.1-0ubuntu4.2)
27
vivid/stable-phone-overlay_file-roller: DNE
28
vivid/ubuntu-core_file-roller: DNE
29
xenial_file-roller: released (3.16.5-0ubuntu1.2)
30
devel_file-roller: not-affected (3.21.90-0ubuntu1)