libclamunrar and CVE-2023-40477
Hot on the heels of CVE-2023-20197, ClamAV have announced another security
issue, as a result of the RAR issue CVE-2023-40477:
https://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html
This probably comes under libclamunrar rather than clamav,
since it affects the non-free unrar package bundled by ClamAV
but unbundled by Debian.
I am afraid I have not been able to build any of the recent
versions of clamav (I am on Ubuntu which probably does not help)
and cannot confirm whether or not the fixed unrar-nonfree package
for sid/CVE-2023-40477 is sufficient.
--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk