Overview

File _patchinfo of Package patchinfo.18407

<patchinfo incident="18407">
  <issue tracker="cve" id="2020-36241"/>
  <issue tracker="bnc" id="1181930">VUL-1: CVE-2020-36241: gnome-autoar: directory traversal via a malicious archive that contains a file whose parent is a symbolic link which points outside of the destination directory</issue>
  <packager>AZhou</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for gnome-autoar</summary>
  <description>This update for gnome-autoar fixes the following issues:

- CVE-2020-36241: Skip problematic files that might be extracted outside of the
  destination dir to prevent potential directory traversal (bsc#1181930).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places