Re: Question about the status of libclamunrar9/libclamunrar and CVE-2023-40477 in debian buster aka oldoldstable
Hi Klaus,
On Mon, Nov 13, 2023 at 10:35:04AM +0100, Klaus Zerwes wrote:
> Hello.
> I know, buster is oldold ... But are there any plans to get a patched
> release of libclamunrar9?
> https://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html
> Currently buster has only 0.102.3-0+deb10u1
> Ist there any chance that the patched version (0.103.10) will be back-
> ported from bullseye?
Forwarding this to the debian-lts list (the same mail was sent to
debian-security and debian-security-tracker list)
LTS contributors, this was released in Debian bullseye via a point
release.
(note we did not explicitly track libclamunrar for the above mentioned
CVE, specifically for rar/unrar-nonfree).
Regards,
Salvatore
Reply to: