Re: Question about the status of libclamunrar9/libclamunrar and CVE-2023-40477 in debian buster aka oldoldstable

To: Klaus Zerwes <kzerwes@web.de>
Cc: debian-lts@lists.debian.org
Subject: Re: Question about the status of libclamunrar9/libclamunrar and CVE-2023-40477 in debian buster aka oldoldstable
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 13 Nov 2023 21:05:08 +0100
Message-id: <[🔎] ZVKBdNeT1BoQXeuW@eldamar.lan>
Mail-followup-to: Klaus Zerwes <kzerwes@web.de>, debian-lts@lists.debian.org
In-reply-to: <3be4168fd6f171f98ce5301ec9205d3d7834cd93.camel@web.de>
References: <3be4168fd6f171f98ce5301ec9205d3d7834cd93.camel@web.de>

Hi Klaus,

On Mon, Nov 13, 2023 at 10:35:04AM +0100, Klaus Zerwes wrote:
> Hello.
> I know, buster is oldold ... But are there any plans to get a patched
> release of libclamunrar9?
> https://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html
> Currently buster has only 0.102.3-0+deb10u1 
> Ist there any chance that the patched version (0.103.10) will be back-
> ported from bullseye?

Forwarding this to the debian-lts list (the same mail was sent to
debian-security and debian-security-tracker list)

LTS contributors, this was released in Debian bullseye via a point
release.

(note we did not explicitly track libclamunrar for the above mentioned
CVE, specifically for rar/unrar-nonfree).

Regards,
Salvatore

Reply to:

Follow-Ups:
- Re: Question about the status of libclamunrar9/libclamunrar and CVE-2023-40477 in debian buster aka oldoldstable
  - From: Markus Koschany <apo@debian.org>

Prev by Date: PostgreSQL security updates
Next by Date: Re: Question about the status of libclamunrar9/libclamunrar and CVE-2023-40477 in debian buster aka oldoldstable
Previous by thread: PostgreSQL security updates
Next by thread: Re: Question about the status of libclamunrar9/libclamunrar and CVE-2023-40477 in debian buster aka oldoldstable
Index(es):
- Date
- Thread