PublicDateAtUSN: 2013-07-11
Candidate: CVE-2013-4668
PublicDate: 2013-07-18 16:51:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4668
 http://www.ocert.org/advisories/ocert-2013-001.html
 http://www.openwall.com/lists/oss-security/2013/07/08/1
 https://ubuntu.com/security/notices/USN-1906-1
Description:
 Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x
 before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows
 remote attackers to create arbitrary files via a crafted archive that is
 not properly handled in a "Keep directory structure" action, related to
 fr-archive-libarchive.c and fr-window.c.
Ubuntu-Description:
Notes:
 jdstrand> libarchive support added in 3.5.4
Bugs:
Priority: medium
Discovered-by: Yorick Koster
Assigned-to: mdeslaur
CVSS: 

Patches_file-roller:
 upstream: https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631
 upstream: https://git.gnome.org/browse/file-roller/commit/?id=1e73fce51545a067767b5ba84202e73175ad0672 (3.6)
upstream_file-roller: released (3.8.3-1)
lucid_file-roller: not-affected (2.30.1.1-0ubuntu2)
precise_file-roller: not-affected (3.4.1-0ubuntu1)
quantal_file-roller: released (3.6.1.1-0ubuntu1.2)
raring_file-roller: released (3.6.3-1ubuntu4.1)
devel_file-roller: not-affected (3.8.3-0ubuntu1)