[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rar oldstable update for CVE-2007-0855

On Mon, 2007-12-31 at 17:10 +0100, Nico Golde wrote:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for rar some time ago.
> CVE-2007-0855[0]:
> | Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR
> | and possibly other products, allows user-assisted remote attackers to
> | execute arbitrary code via a crafted, password-protected archive.
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian oldstable. It does
> not warrant a DSA.
> However it would be nice if this could get fixed via a regular point update.
> Please contact the release time for this.

Hi there, I'm unsure as to what you want for this.

From what I can tell, you're requesting an update of rar for oldstable? 

May I remind you that the only way to fix this in _rar_ for oldstable is
to update it to at least 3.7 beta 1 of rar. due to it being a binary

I can get this out to you tomorrow if you want (or whenever I get a
response to this) - it doesn't take too long to do an update for rar.

Also, as this is an automated email that I'm responding to - you might
want to change the wording of "Please contact the release time for
this." ... which makes no sense.

Kind Regards,
Martin Meredith

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: