Re: unrar: some issues missing from security tracker data
- To: Christoph Anton Mitterer <calestyo@scientia.org>
- Cc: debian-security-tracker@lists.debian.org, Martin Meredith <mez@debian.org>, Norbert Preining <norbert@preining.info>, YOKOTA Hiroshi <yokota.hgml@gmail.com>, Bastian Germann <bage@debian.org>
- Subject: Re: unrar: some issues missing from security tracker data
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Fri, 25 Aug 2023 09:49:00 +0200
- Message-id: <[🔎] ZOhc7MndBxLA0YvA@eldamar.lan>
- Mail-followup-to: Christoph Anton Mitterer <calestyo@scientia.org>, debian-security-tracker@lists.debian.org, Martin Meredith <mez@debian.org>, Norbert Preining <norbert@preining.info>, YOKOTA Hiroshi <yokota.hgml@gmail.com>, Bastian Germann <bage@debian.org>
- In-reply-to: <[🔎] 20b166b13fc4b98d87372ae5591b4a508c886caf.camel@scientia.org>
- References: <[🔎] 20b166b13fc4b98d87372ae5591b4a508c886caf.camel@scientia.org>
Hi Chris,
On Thu, Aug 24, 2023 at 04:02:22PM +0200, Christoph Anton Mitterer wrote:
> Hey.
>
> Unrar data in the security tracker seems to miss:
>
> CVE-2023-40477 https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
> CVE-2023-38831 https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
>
>
> AFAIU, at least the first one is already fixed in Debian (not sure
> about the 2nd).
I'm not sure if those are WinRAR specific or apply as well to src:rar
and src:unrar-nonfree.
Seems the case, but I'm looping in the maintainers to clarify.
Regards,
Salvatore
Reply to: