Thanks for preparing the debdiff and adding the ubuntu-security-sponsors account; I'll be taking a look at this.
I've pushed the focal version to the ubuntu security proposed ppa (https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa) after adjusting the version to match the versioning scheme described at https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging and tweaking the changelog message. I don't suppose upstream added any tests to verify correct behavior? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1889672 Title: KDE Project Security Advisory: Ark: maliciously crafted archive can install files outside the extraction directory. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1889672/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
