Re: unrar: some issues missing from security tracker data

To: Christoph Anton Mitterer <calestyo@scientia.org>
Cc: debian-security-tracker@lists.debian.org, Martin Meredith <mez@debian.org>, Norbert Preining <norbert@preining.info>, YOKOTA Hiroshi <yokota.hgml@gmail.com>, Bastian Germann <bage@debian.org>
Subject: Re: unrar: some issues missing from security tracker data
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Aug 2023 09:49:00 +0200
Message-id: <[🔎] ZOhc7MndBxLA0YvA@eldamar.lan>
Mail-followup-to: Christoph Anton Mitterer <calestyo@scientia.org>, debian-security-tracker@lists.debian.org, Martin Meredith <mez@debian.org>, Norbert Preining <norbert@preining.info>, YOKOTA Hiroshi <yokota.hgml@gmail.com>, Bastian Germann <bage@debian.org>
In-reply-to: <[🔎] 20b166b13fc4b98d87372ae5591b4a508c886caf.camel@scientia.org>
References: <[🔎] 20b166b13fc4b98d87372ae5591b4a508c886caf.camel@scientia.org>

Hi Chris,

On Thu, Aug 24, 2023 at 04:02:22PM +0200, Christoph Anton Mitterer wrote:
> Hey.
> 
> Unrar data in the security tracker seems to miss:
> 
> CVE-2023-40477 https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
> CVE-2023-38831 https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
> 
> 
> AFAIU, at least the first one is already fixed in Debian (not sure
> about the 2nd).

I'm not sure if those are WinRAR specific or apply as well to src:rar
and src:unrar-nonfree. 

Seems the case, but I'm looping in the maintainers to clarify.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Re: unrar: some issues missing from security tracker data
  - From: Bastian Germann <bage@debian.org>

References:
- unrar: some issues missing from security tracker data
  - From: Christoph Anton Mitterer <calestyo@scientia.org>

Prev by Date: External check
Next by Date: DSA-5332 Missing from your cross references page
Previous by thread: unrar: some issues missing from security tracker data
Next by thread: Re: unrar: some issues missing from security tracker data
Index(es):
- Date
- Thread