CVE-2013-4668 Information

Description

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4 3.8.x before 3.8.3 and 3.9.x before 3.9.3 when libarchive is used allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a \Keep directory structure\ action related to fr-archive-libarchive.c and fr-window.c.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html http://secunia.com/advisories/54351 http://www.ocert.org/advisories/ocert-2013-001.html http://www.securityfocus.com/bid/61008 http://www.ubuntu.com/usn/USN-1906-1 https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631