Your message dated Sat, 09 Jul 2022 11:47:43 +0100 with message-id <2280fe8c78e64b02a6c1d04c6dde5a32e342ba81.camel@adam-barratt.org.uk> and subject line Closing requests for updates included in 11.4 has caused the Debian Bug report #1010857, regarding bullseye-pu: package unrar-nonfree/1:6.0.3-1+deb11u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1010857: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010857 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bullseye-pu: package unrar-nonfree/1:6.0.3-1+deb11u1
- From: yokota <yokota.hgml@gmail.com>
- Date: Thu, 12 May 2022 02:31:17 +0900
- Message-id: <CA+0c0dVM_SX-KdHh65JWe=zskKSGdU3Vv1yTb7VK5pc7nko6Ow@mail.gmail.com>
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian.org@packages.debian.org Usertags: pu X-Debbugs-Cc: yokota.hgml@gmail.com [ Reason ] Fix CVE-2022-30333 and its corresponding RC bug. [ Impact ] CVE-2022-30333 is directory traversal vulnerability. It write to files during an extract operation on outside of extraction directory. [ Tests ] Compiled executable file passes current autopkgtest in Debian sid. [ Risks ] Test case of CVE-2022-30333 is not available. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Add patch to fix CVE-2022-30333. This patch was taken from diff file between unrar 6.1.6 and 6.1.7. [ Other info ] Upstream developer uses both application version and source version. Upstream says this security vulnerability is fixed in application version 6.12. Application version 6.12's corresponding source version is 6.1.7. CVE-2022-30333 was fixed in source version 6.1.7. -- YOKOTA HiroshiAttachment: unrar-nonfree-bullseye-update-1:6.0.3-1+deb11u1.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
- To: 1000355-done@bugs.debian.org, 1003261-done@bugs.debian.org, 1003713-done@bugs.debian.org, 1004459-done@bugs.debian.org, 1004580-done@bugs.debian.org, 1005129-done@bugs.debian.org, 1005135-done@bugs.debian.org, 1005231-done@bugs.debian.org, 1005237-done@bugs.debian.org, 1005252-done@bugs.debian.org, 1005256-done@bugs.debian.org, 1006316-done@bugs.debian.org, 1006504-done@bugs.debian.org, 1007714-done@bugs.debian.org, 1007762-done@bugs.debian.org, 1008045-done@bugs.debian.org, 1008153-done@bugs.debian.org, 1008161-done@bugs.debian.org, 1008162-done@bugs.debian.org, 1008166-done@bugs.debian.org, 1008168-done@bugs.debian.org, 1008268-done@bugs.debian.org, 1008577-done@bugs.debian.org, 1009077-done@bugs.debian.org, 1009250-done@bugs.debian.org, 1009345-done@bugs.debian.org, 1009363-done@bugs.debian.org, 1009726-done@bugs.debian.org, 1010037-done@bugs.debian.org, 1010050-done@bugs.debian.org, 1010058-done@bugs.debian.org, 1010194-done@bugs.debian.org, 1010211-done@bugs.debian.org, 1010304-done@bugs.debian.org, 1010383-done@bugs.debian.org, 1010439-done@bugs.debian.org, 1010613-done@bugs.debian.org, 1010857-done@bugs.debian.org, 1010924-done@bugs.debian.org, 1010963-done@bugs.debian.org, 1011022-done@bugs.debian.org, 1011198-done@bugs.debian.org, 1011271-done@bugs.debian.org, 1011287-done@bugs.debian.org, 1011331-done@bugs.debian.org, 1011359-done@bugs.debian.org, 1011365-done@bugs.debian.org, 1011426-done@bugs.debian.org, 1011746-done@bugs.debian.org, 1011939-done@bugs.debian.org, 1011942-done@bugs.debian.org, 1012033-done@bugs.debian.org, 1012047-done@bugs.debian.org, 1012140-done@bugs.debian.org, 1012322-done@bugs.debian.org, 1012323-done@bugs.debian.org, 1012331-done@bugs.debian.org, 1012553-done@bugs.debian.org, 1012585-done@bugs.debian.org, 1012723-done@bugs.debian.org, 1013237-done@bugs.debian.org, 1013306-done@bugs.debian.org, 1013418-done@bugs.debian.org, 1013755-done@bugs.debian.org, 1013879-done@bugs.debian.org, 1013880-done@bugs.debian.org, 1013944-done@bugs.debian.org, 1014014-done@bugs.debian.org, 1014054-done@bugs.debian.org, 1014079-done@bugs.debian.org, 1014199-done@bugs.debian.org, 1014206-done@bugs.debian.org, 1014221-done@bugs.debian.org
- Subject: Closing requests for updates included in 11.4
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 09 Jul 2022 11:47:43 +0100
- Message-id: <2280fe8c78e64b02a6c1d04c6dde5a32e342ba81.camel@adam-barratt.org.uk>
Package: release.debian.org Version: 11.4 (re-sending with fixed bug numbers) Hi, The updates discussed in these bugs were included in today's bullseye point release. Regards, Adam
--- End Message ---