{"id":"MGASA-2021-0311","summary":"Updated file-roller packages fix security vulnerability","details":"Updated file-roller package fixes security vulnerability:\n\nA path traversal vulnerability was found in file-roller due to an\nincomplete fix for CVE-2020-11736. It may still be possible to extract\nfiles outside of the intended directory in case of malicious archives\ncontaining symbolic links. The highest threat from this vulnerability\nis to data integrity and system availability (CVE-2020-36314).\n\nAlso, the patch for CVE-2020-11736 was not applied correctly in the\nprevious update for Mageia 7 (MGASA-2020-0218). This has been corrected.\n","modified":"2026-04-16T04:42:41.455903579Z","published":"2021-07-04T02:13:55Z","upstream":["CVE-2020-36314"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0311.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29006"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6KJBZVCHQ4SSX2JAJZVJ5J4P3GEMXJ75/"},{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0218.html"}],"affected":[{"package":{"name":"file-roller","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/file-roller?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.32.1-2.2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0311.json"}},{"package":{"name":"file-roller","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/file-roller?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.38.0-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0311.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}