Hosting Provided By

Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update

From: Luk Claes <luk(at)debian.org>
Date: Sat Dec 29 2007 - 18:19:23 EST

Touko Korpela wrote:
> On Sun, May 20, 2007 at 08:33:16PM +0200, Martin Zobel-Helas wrote:

>> On Sun May 20, 2007 at 17:29:19 +0300, Touko Korpela wrote:
>>> Unrar (source package unrar-nonfree) has CVE-2007-0855 (Stack-based buffer
>>> overflow) bug in etch and sarge. It has debian bug #410580
>>> Maintainer didn't ask for it but should 1:3.7.3-1 be included in 4.0r1?
>> yes, please upload.

>
> Unrar-nonfree is still vulnerable after last etch update. Maybe somebody
> should upload fixed version finally?

An upload (based on the stable/oldstable version instead of a backport) is being prepared, the only remaining issue is how we will build it on all affected architectures.

Cheers

Luk

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Sat Dec 29 18:20:06 2007

This message: [ Message body ]
Next message: Mike Wang: "ping22: can not kill this process"
Previous message: Touko Korpela: "Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update"
In reply to: Touko Korpela: "Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:46 EDT