CVE-2020-36314 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Directory traversal
Description	fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1779	file-roller	3.38.0-2	3.38.1-1	Medium	Fixed

References
https://gitlab.gnome.org/GNOME/file-roller/-/issues/108 https://gitlab.gnome.org/GNOME/file-roller/-/commit/0bd4a14f3bc8dae7c68469f281da9fddbe9e0d02