Bug 11171

Summary:	Updated php-pear packages fix a security vulnerability (CVE-2020-36193)
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Zombie Ryushu <zombie.ryushu>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	CONFIRMED ---	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	normal
Priority:	Normal	CC:	denis.silakov
Version:	KDE4
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	https://advisories.mageia.org/MGASA-2021-0060.html
Whiteboard:
Platform:	2016.1	ROSA Vulnerability identifier:	CVE-2020-36193
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Zombie Ryushu 2021-02-03 11:24:50 MSK

The updated php-pear packages fix a security vulnerability in
component Archive_tar, a symlink out-of-path write vulnerability.
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory
Traversal due to inadequate checking of symbolic links. (CVE-2020-36193).