Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted ark 4:20.12.2-1+deb11u1 (source) into oldstable-security
Date: Sat, 08 Feb 2025 16:00:22 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat,  8 Feb 2025 16:40:33 CET
Source: ark
Architecture: source
Version: 4:20.12.2-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 f52b2832a2b30d3cd2fdd0dcba861409704acf68 2809 ark_20.12.2-1+deb11u1.dsc
 1a4ef2b25e6895ddff60364df0abebac302e5df3 2717316 ark_20.12.2.orig.tar.xz
 5cb10e71db1b5953acc767420e58f8815cfc6b02 18984 ark_20.12.2-1+deb11u1.debian.tar.xz
 5d29c2e87ece7752b72122dda4fbb0785879758b 21147 ark_20.12.2-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 e2d609e8cbe5b3aa06cabad9a187a4bd1304dd47905362ae24af4f1a6ce6cd5f 2809 ark_20.12.2-1+deb11u1.dsc
 0baf950fc330b7e7cd3a825415592579b31d6308e9e7db5cada28747e6a61edd 2717316 ark_20.12.2.orig.tar.xz
 d6adf1dfa146338e79326e8b7fb0a234b2ad38ff80d27419c869048211896193 18984 ark_20.12.2-1+deb11u1.debian.tar.xz
 813ffd5a54e7607f208bc114d2bb6c7b168df019b0978bfdc88fd6e2ae34b311 21147 ark_20.12.2-1+deb11u1_amd64.buildinfo
Changes:
 ark (4:20.12.2-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2024-57966:
     A flaw was discovered in ark, an archive utility for the KDE platform. Ark
     extracted archives with absolute paths to the corresponding location on
     the user's file system. Absolute paths are now treated as relative paths to
     prevent overwriting of sensitive information.
Files:
 cda800865a3c052abd53974662b5e03f 2809 kde optional ark_20.12.2-1+deb11u1.dsc
 5a75b98c2e7115cebe9f01a469258d8b 2717316 kde optional ark_20.12.2.orig.tar.xz
 17028713f4b3d6c88b13b8de80d86ce3 18984 kde optional ark_20.12.2-1+deb11u1.debian.tar.xz
 36268dd615bb35bfe6c50daa940b143b 21147 kde optional ark_20.12.2-1+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmene4NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkc+kQALrgY5wFE7QSOdc/7K0ph96+aU3uk2yJ8qSo
UmOIDX1uWDDDaa6A5xDcCHAjrstRXUQ7HB30FUWQ6xXVkeqeW+rGiKzW2ZzZrJKO
e79AZYvnqs2Q1i1JlOlSImfnk5QBj0A2alqTPp92IAL48HBIr4qfE8uGMzsVba93
aBC/qOGwxnAjuDWvTD1cfPW/M/Asfc/Hy9inxN+RQdxTUejCSJTzihff9XZ4pg1n
ZBJR1V0BrVsVR/Pgvy1NpVtim4B6CnA89WJcDaiw/lDJCK2QUBzabuHLBX1mfVyv
ui6mGa9h9NK9Nah17kGvR2TQQraK1y0iE0lA1pyXKf3DD50lq+zgqIPluS6Ij7vn
C+bFjfxJKdh16FGGCJMlJURiy3Vfk+rqw7XGmHk7tuIwJVK3ggXX/7m5O2Xd1fyD
d+7VrkZIqAvt0krtKOIjxIGZ/O16t6CrSzkaigwvX7qnje4d8ZgmV48y/AUtxrNF
q9rWSVBZjKVcnzLY5cxKN7533bSQ7sAyCdgyi757Z1cBnUzBVwcEQElhk08r1F2E
tH52XMvwRZyJtzm8AgNzuO0J7GFyVMc7SLq7Q3/cimnhN0gcVXSI1sY6ku+0FBVh
w00qNTvtCgw5P1Ed43EeOrcFWvwUSF2tqnjFWreImZKFKKadHqLBNvOjrP83eCpO
QpUPRKtS
=oGrE
-----END PGP SIGNATURE-----

News for package ark