CVE-2013-4668
Published: 11 July 2013
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.
Notes
Author | Note |
---|---|
jdstrand | libarchive support added in 3.5.4 |
Priority
Status
Package | Release | Status |
---|---|---|
file-roller Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(2.30.1.1-0ubuntu2)
|
precise |
Not vulnerable
(3.4.1-0ubuntu1)
|
|
quantal |
Released
(3.6.1.1-0ubuntu1.2)
|
|
raring |
Released
(3.6.3-1ubuntu4.1)
|
|
upstream |
Released
(3.8.3-1)
|
|
Patches: upstream: https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631 upstream: https://git.gnome.org/browse/file-roller/commit/?id=1e73fce51545a067767b5ba84202e73175ad0672 |