Hosting Provided By

Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update

From: Touko Korpela <tkorpela(at)phnet.fi>
Date: Sat Dec 29 2007 - 05:40:40 EST

On Sun, May 20, 2007 at 08:33:16PM +0200, Martin Zobel-Helas wrote:
> On Sun May 20, 2007 at 17:29:19 +0300, Touko Korpela wrote:
> > Unrar (source package unrar-nonfree) has CVE-2007-0855 (Stack-based buffer
> > overflow) bug in etch and sarge. It has debian bug #410580
> > Maintainer didn't ask for it but should 1:3.7.3-1 be included in 4.0r1?
>
> yes, please upload.

Unrar-nonfree is still vulnerable after last etch update. Maybe somebody should upload fixed version finally?

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Sat Dec 29 05:41:28 2007

This message: [ Message body ]
Next message: Luk Claes: "Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update"
Previous message: Luk Claes: "Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities"
Next in thread: Luk Claes: "Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update"
Reply: Luk Claes: "Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:46 EDT