A vulnerability in GNOME File Roller could lead to a directory traversal attack.
|Package||app-arch/file-roller on all architectures|
|Affected versions||< 3.36.3|
|Unaffected versions||>= 3.36.3|
File Roller is an archive manager for the GNOME desktop environment.
It was discovered that GNOME File Roller incorrectly handled symlinks.
Please review the referenced CVE identifiers for details.
There is no known workaround at this time.
All GNOME File Roller users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/file-roller-3.36.3"
September 13, 2020
September 13, 2020: 1