VYPR

rpm package

almalinux/file-roller

pkg:rpm/almalinux/file-roller

Vulnerabilities (2)

  • CVE-2020-36314Apr 7, 2021
    affected < 3.28.1-4.el8fixed 3.28.1-4.el8

    fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of

  • CVE-2020-11736Apr 13, 2020
    affected < 3.28.1-4.el8fixed 3.28.1-4.el8

    fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.