Security update for file-roller
This update for file-roller fixes the following issues:
- CVE-2020-11736: Fixed a directory traversal vulnerability caused by an improper check of whether a file's parent is an external symlink (bsc#1169428).
- CVE-2019-16680: Fixed a path traversal vulnerability which could have allowed a file to be overwritten during extraction (bsc#1151585).
This update was imported from the SUSE:SLE-15:Update update project.
Submitted by QK ZHU (qkzhu)
Fixed bugs:
- bnc#1169428: VUL-1: CVE-2020-11736: file-roller: directory traversal during extraction due to improper checking whether a file's parent is a symlink to a directory outside of the intended location
- bnc#1151585: VUL-1: CVE-2019-16680: file-roller: possible path traversal via filename contained in a TAR archive
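
Both issues above are cases of an archive member being written outside the extraction directory. The following added example is not file-roller's code or its fix: it is a pre-extraction audit that reads only tar metadata and flags members with traversal names and members whose parent resolves through an archive-declared symlink leaving the root. The function names `resolve`, `audit_tar` and `sample_archive` are hypothetical, and the sample archive is constructed in memory.

```python
import io
import posixpath
import tarfile

def resolve(path, links, depth=0):
    # Resolve path inside the root via archive-declared symlinks; None = leaves root or loops.
    if depth > 32 or path.startswith("/"):
        return None
    cur = []
    for part in path.split("/"):
        if part == "..":
            if not cur:
                return None
            cur.pop()
        elif part not in ("", "."):
            cur.append(part)
            target = links.get("/".join(cur))
            if target is not None:
                res = resolve(target, links, depth + 1)
                if res is None:
                    return None
                cur = res.split("/") if res else []
    return "/".join(cur)

def audit_tar(data):
    """Return {member name: reason} for entries that would be written outside the root."""
    findings, links = {}, {}
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for m in tar:
            parent, base = posixpath.split(m.name.rstrip("/"))
            if m.name.startswith("/") or ".." in m.name.split("/"):
                findings[m.name] = "traversal in member name"
            elif (real_parent := resolve(parent, links)) is None:
                findings[m.name] = "parent is a symlink leaving the root"
            elif m.issym():
                # Remember where this link points, relative to the extraction root.
                links[posixpath.join(real_parent, base)] = posixpath.join(real_parent, m.linkname)
    return findings

def sample_archive():
    """Constructed sample: a benign file, a '..' name, and a file under a symlinked parent."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link in [("docs/readme.txt", None), ("../escape.txt", None),
                           ("docs/out", "../../outside"), ("docs/out/payload.txt", None)]:
            info = tarfile.TarInfo(name)
            if link:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info, None if link else io.BytesIO(b""))
    return buf.getvalue()
```

The audit only sees symlinks declared in the archive itself; symlinks already present in the destination directory need a separate check at extraction time.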