diff -Nru gnome-autoar-0.2.3/debian/changelog gnome-autoar-0.2.3/debian/changelog
--- gnome-autoar-0.2.3/debian/changelog	2021-02-10 18:59:00.000000000 +0000
+++ gnome-autoar-0.2.3/debian/changelog	2021-03-08 12:27:13.000000000 +0000
@@ -1,3 +1,11 @@
+gnome-autoar (0.2.3-2ubuntu0.2) focal-security; urgency=medium
+
+  * SECURITY REGRESSION: missing subfolder creation (LP: #1917812)
+    - debian/patches/CVE-2020-36241-2.patch: do not fail if parent folders
+      don't exist in gnome-autoar/autoar-extractor.c.
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 08 Mar 2021 07:27:13 -0500
+
 gnome-autoar (0.2.3-2ubuntu0.1) focal-security; urgency=medium
 
   * SECURITY UPDATE: directory traversal issue (LP: #1901240)
diff -Nru gnome-autoar-0.2.3/debian/patches/CVE-2020-36241-2.patch gnome-autoar-0.2.3/debian/patches/CVE-2020-36241-2.patch
--- gnome-autoar-0.2.3/debian/patches/CVE-2020-36241-2.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnome-autoar-0.2.3/debian/patches/CVE-2020-36241-2.patch	2021-03-08 12:27:08.000000000 +0000
@@ -0,0 +1,42 @@
+From cc4e8b7ccc973ac69d75a7423fbe1bcdc51e2cb3 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Fri, 12 Feb 2021 11:31:16 +0100
+Subject: [PATCH] extractor: Do not fail if parent folders don't exist
+
+Currently, it is not possible to extract archives that don't explicitly
+contain parent folders. This is unintentional regression caused by commit
+adb067e6. Let's simply ignore G_IO_ERROR_NOT_FOUND errors when looking
+for symlinks to fix this.
+
+Fixes: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/11
+---
+ gnome-autoar/autoar-extractor.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/gnome-autoar/autoar-extractor.c
++++ b/gnome-autoar/autoar-extractor.c
+@@ -848,6 +848,7 @@ is_valid_filename (GFile *file, GFile *d
+ {
+   g_autoptr (GFile) parent = NULL;
+   g_autoptr (GFileInfo) info = NULL;
++  g_autoptr (GError) error = NULL;
+ 
+   if (g_file_equal (file, destination))
+     return TRUE;
+@@ -862,11 +863,13 @@ is_valid_filename (GFile *file, GFile *d
+                             G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET,
+                             G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
+                             NULL,
+-                            NULL);
+-  if (info == NULL)
++                            &error);
++
++  /* The parent directories don't have to be created yet. */
++  if (error && !g_error_matches (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
+     return FALSE;
+ 
+-  if (g_file_info_get_is_symlink (info)) {
++  if (info && g_file_info_get_is_symlink (info)) {
+     g_autoptr (GFile) cwd = NULL;
+     const gchar *target;
+ 
diff -Nru gnome-autoar-0.2.3/debian/patches/series gnome-autoar-0.2.3/debian/patches/series
--- gnome-autoar-0.2.3/debian/patches/series	2021-02-10 18:58:56.000000000 +0000
+++ gnome-autoar-0.2.3/debian/patches/series	2021-03-08 12:27:08.000000000 +0000
@@ -1 +1,2 @@
 CVE-2020-36241.patch
+CVE-2020-36241-2.patch